RECOGNIZING THE THREAT FROM WITHIN
Information security professionals are often concerned about attacks coming from outside the organization – such as remote hackers. However, more than half of these attacks come from inside the organization. Information security professionals along with non-IT staff need to be trained to recognize the traits and (more…)
REDUCING RISKS THROUGH COMPENSATION: HOW TO INSTITUTIONALIZE RISK MANAGEMENT IN EMPLOYEE INCENTIVE COMPENSATION PLANS
Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a (more…)
INCIDENT RESPONSE: KNOWING YOUR OBLIGATIONS IN THE EVENT OF A SECURITY BREACH
Your organization just experienced a data security breach. All of the data that was entrusted to your organization to be kept safe is now “out there” on the Internet. Your organization doesn’t have an incident response plan (IRP). Who do (more…)
HOW TO CREATE A REALLY STRONG PASSWORD: A PEN TESTER’S PERSPECTIVE
Attackers have figured out how to crack even what you and I think are the toughest passwords. HALOCK pen testers almost always find passwords as a weak spot in every investigation. With so much at stake, it’s a wonder why password safety still isn’t being (more…)
Vendor Risk Management Hype Extends Beyond Target®
The Target® breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant (more…)
Network Penetration Testing: What’s the Ideal Frequency to Conduct Pen Tests?
Some companies test once a year. Some test several times a year. So what frequency is correct for your organization? Well, that all depends on how frequently your environment changes and other unique factors affecting your organization. When determining how often to conduct network penetration tests, consider the following:
Why A Penetration Test ≠ An Automated Vulnerability Scan
Both penetration tests and automated vulnerability scans are useful tools for managing vulnerabilities. While these are different testing methods, they are complementary and both should be performed. (more…)
Expecting the Unexpected, Removing Fear From a Security Incident
Once again, another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised in a security incident. The recent news of Adobe Systems where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if (more…)
Why are Hackers Heckling the Director of the NSA?
The Black Hat convention is under way today in Las Vegas, and there, before a group of information-security-minded individuals, stood General Keith Alexander, Director of the NSA, getting heckled by conference attendees. Their complaints were targeted at the NSA’s surveillance activities and Director Alexander’s dubious testimony to Congress about those activities. (more…)
Higher Education (sampled colleges and universities) is a Prime Target for Security Breaches
FOR IMMEDIATE RELEASE
HALOCK Investigation finds that 25% of sampled colleges and universities are putting student and parent private financial data at risk