-
We like to think of Bring Your Own Device (BYOD) as a new phenomenon but nothing could be further from the truth. In the 1980s when the PC was introduced, employees started buying them on departmental budgets and running spreadsheets because of the difficulty of getting time on the corporate mainframe...
Posted to Security Web by David Shephard on May 1, 2013
Filed under: Data Breach, Compliance, Cloud, iPad, BYOD, Bring Your Own Device, David Shephard, Security Web, PC, Salesforce.com, Lotus 1-2-3
-
Funny things happen when you’ve had a long day of work at a security software company and then go home and read “The Cat in the Hat” to the kids at bedtime. After I’ve been chatting all day with beleaguered IT managers about their pains and challenges, Dr. Seuss’ tale of...
Posted to Security Web by Renee Bradshaw on Aug 29, 2012
Filed under: Security, Data Breach, Change Control, Compliance, Secure Configuration Manager, Risk Management, Regulations, File Integrity Monitoring, user monitoring, regulation, Consumerization, IT Security, Renee Bradshaw, Requirements, Audits, Monitoring, Security Breach, SIEM, Identity and Access Management, Sentinel, Change Guardian, Mobile Devices, Data Breaches, Mobile Security, Audit Reporting, BYOD, risk assessment, Healthcare, Cisco, Fortinet, Bring Your Own Device, Thing 2, iHealthBeat, Notify Technology, Osterman Research, Dr Suess, Thing 1, Security Web
-
A colleague sent me a reference to a posting recently where after reading the first paragraph, I immediately burst into laughter. Without calling the writer out (which is not the point), I’ll just state that it questioned the purpose and effectiveness of security awareness training – something...
Posted to Security Web by Michael Colson on Aug 22, 2012
Filed under: Security, Data Breach, Compliance, Data Security, regulation, Information Security, Audit, hacker, password policy, corporate risk, Mandate, policy, PwC, Michael Colson, Vulnerabilities, Security Awareness Training, Procedure, Job Security, Security Posture, Environment, PricewaterhouseCoopers, Privacy Practices, Security Web
-
A few weeks ago, as I was deleting bogus emails from a few friends whose accounts had been hacked and working with my bank to replace a credit card, I began reflecting on security and compliance over the past year and comparing that to trends I see coming. Having spent a good portion of my career in...
Posted to Security Web by Michael Colson on Aug 9, 2012
Filed under: Security, Data Breach, PCI DSS, Compliance, Verizon Breach Report, regulation, Information Security, Audit, Mike Colson, hacker, password policy, corporate risk, Mandate, Michael Colson, Security Web
-
To continue on to my previous blog surrounding challenges associated with log management programs, many SIEM solutions have the ability to integrate organizational knowledge and context such as roles, entitlements and asset value and use this data to assess threats. However, most organizations fail to...
-
The European Union (EU) has always held personal rights and privacy in high regard, and in January it added 119 pages of proposed tough new regulations and penalties for businesses and government agencies that handle personal data. Every member of the EU has signed on to the European Convention of Human...
Posted to Security Web by David Shephard on Mar 9, 2012
Filed under: Data Breach, NetIQ, Data Protection, Privacy, Data Security, ICO, Social Media, HR, Sentinel, Identity Manager, Tuscany, Italy, Net Studio, EU, European Convention of Human Rights, Directive 95/46/EC, European Union, DPO, Access Manager, Garante per la Protezione dei Dati Personali, E-Privacy Directive, Francesco Pizzetti, Human Resources, European Commission, City of Siena, Duane Morris Alert, Directive 2002/58, Commission nationale de l'informatique et des libertés, CNIL, United Kingdom, UK, Information Commissioner Office, David Shephard, Security Web
-
This weekend, the Twitter account for Fox News claimed that President Barack Obama had been shot and killed. As it was a holiday weekend, the Twitter-propagated 'news' didn't rocket as fast as other events (Michael Jackson death or Derek Jeter making the All-Star Team). But it still was an...
Posted to Security Web by JeffCutler on Jul 5, 2011
Filed under: Security, Data Breach, Cloud Computing, cloud security, hacking, Twitter, Data Loss, Fox News, Barack Obama, JeffCutler, Security Web
-
RSA Security has admitted for the first time that its SecurID token system was breached. This information, in a letter to its customers this week, said that intruders had breached security at Lockheed Martin using data stolen from RSA. WHAT? Wait just a minute. Isn’t RSA supposed to be the organization...
Posted to Security Web by JeffCutler on Jun 10, 2011
Filed under: Data Breach, RSA, cloud security, Art Coviello, Breach, WSJ.com, Lockheed Martin, SecurID, JeffCutler, Security Web
-
During the recent webinar: Combat Insider Threat: Proven Strategies from CERT; Dawn Cappelli, Technical Manager of CERT’s Enterprise Threat and Vulnerability Management Team at Carnegie Mellon University’s Software Engineering Institute and Renee Bradshaw, one of my fellow bloggers here...
Posted to Security Web by David Shephard on May 3, 2011
Filed under: Data Breach, NetIQ, CERT, insider threat, Cloud, Fraud, Crime, Software Engineering Institute, Vulnerability, Enterprise Threat and Vulbnerability Management Team, Carnegie Mellon, Dawn Cappelli, Threat, CSO Magazine, unfair dismissal, Laws, Corporate Awareness Training, DOJ, Secret Service, HR Strategies, Renee Bradshaw, IT Sabotage, Ponemon, HR Policy, Outsource, David Shephard, Security Web
-
At last week's InfoSecurity Europe 2011, NetIQ's very own Joern Dierks was interviewed by John Doody. This is a transcript of that interview and includes links to useful resources and organizations as well as the video recording of the interview: John: Hello, From Infosecurity Europe 2011 from Earls...
Posted to Security Web by David Shephard on Apr 25, 2011
Filed under: Security, IT process automation, Data Breach, Insider Attack, NetIQ, Cloud Computing, Change Control, Compliance, Data Protection, Risk Management, cloud security, Data Security, Security Policy, insider threat, IT Security, ISO 27000, Cloud, Service Level Agreements, SLAs, Information Security, InfoSecurity, InfoSec11, InfoSecurity Europe, IT Audit, InfoSec, Auditors, David Shephard, Security Web
-
Any company focused on information security must proactively manage user privileges throughout the identity lifecycle of every employee, contractor, and partner. Beginning with the on-boarding of a staff member, continuing through their career at the company, and finally ending with the off-boarding...
Posted to All Things Admin by Renee Bradshaw on Mar 28, 2011
Filed under: Active Directory, AD Administration, Directory and Resource Administrator, Active Directory Administration, data breach, user provisioning, Native Tools, IT Process Automation, Active Directory Management, Automate user provisioning, Identity Management, Identity and Access Management, Provisioning, De-Provisioning, Identity Administration, Onboarding, Forrester Research, Andras Cser, Renee Bradshaw, Security Web
-
During a recent webinar: Combat Insider Threat: Proven Strategies from CERT; I polled the following question to attendees: How do you detect unmanaged changes to critical system files? We wanted to understand how the attendees' organizations were monitoring and responding to unmanaged changes by privileged...
Posted to Security Web by Renee Bradshaw on Mar 8, 2011
Filed under: Data Breach, PCI DSS, File Integrity Monitoring, FIM, CERT, insider threat, Priviledged User, Unmanaged Change, Log Files, Logs, SOC, Renee Bradshaw, Security Web
-
In response to my invitation to our upcoming webinar with Ira Winkler on the topic of insider threat, I received the following question: As combating insider threats seems to be a difficult (next to impossible?) task, one of my primary areas of interest is not just is it possible to do without breaking...
Posted to Security Web by Todd Tucker on Sep 7, 2010
Filed under: Security, Data Breach, Group Policy, DLP, Microsoft, insider threat, ira winkler, user monitoring, data loss prevention, database security, Todd Tucker, Security Web
-
I recently gave a presentation at the IDC Asia Pacific CIO Summit 2010 around Identity & Access Management (IAM) and security. It struck me that I should write up and share what I discussed and let you see the slides. Basically, my presentation comes down to the fact that IT managers need a secure...
Posted to All Things Admin by Haf on Sep 3, 2010
Filed under: data breach, Security, Identity Management, Identity and Access Management, De-Provisioning, IAM, CIO Summit, IDC, privilege delegation, Haf, Security Web
-
I often say that information security starts with identity management and identity management starts with Active Directory. So it stands to reason that security and Active Directory are inexplicably tied together, bonded for life if you will. While every organization takes a different approach to security...
Posted to All Things Admin by Erin Avery on Aug 17, 2010
Filed under: Active Directory, NetIQ, Auditing and Reporting, data breach, Security, Provisioning, computerworld, verizon, Erin Avery, Security Web