-
I attended the 2010 RSA Conference in San Francisco last week. As expected, one of the major themes resonating throughout the conference keynotes, sessions, and exhibit hall was the opportunity we have as security professionals to help secure increasingly virtualized and cloud-based infrastructures....
Posted to Security Webb by Renee Bradshaw on Mar 12, 2010
Filed under: Security, Data Breach, PCI DSS, PCI Standards Council, Compliance, RSA, PCI, RSA Conference, Verizon Breach Report, RSA 2010, PTS, PCI Standard, PA-DSS, Bob Russo
-
After my last post on human error, and how it contributes to significant data breaches, I haven’t been able to get the idea out of my head. It should come as no surprise that we have found that companies may have the best security tools and resources available, yet still experience large breaches...
Posted to Security Webb by Renee Bradshaw on Feb 17, 2010
Filed under: Security, Data Breach, PCI DSS, Insider Attack, Ponemon Institute, PCI Standards Council, Compliance, Secure Configuration Manager, Malicious, PCI, computer crime, non-malicious insider, malicious insider
-
Think back to your first day of work at a new job (could be your current one or a past one). Remember how exciting things were, you were in HR orientation learning about your benefits and vacation policy – learning about your 401k options… all that good stuff that you get filled with when...
-
If you didn’t know already, there are only eight shopping days left before Christmas. Have you made your list? Have you checked it twice? Well, if you haven’t (or if you’re like me and there is really no end to your wish list), here are some things to consider adding when Santa asks...
-
The latest CSI Computer Crime and Security Survey is available for download this month, and great reading it is. One of the more interesting trends is the prevalence of non-malicious insiders as a cause of losses: "Twenty-five percent of respondents felt that over 60 percent of their financial losses...
-
There are a couple of laws making their way through the halls of power at the moment. Senator Leahy's "Personal Data Privacy and Security Act" and Senator Feinstein's "Data Breach Notification Act". SC Magazine also has a little more on these two. Both aim to shine a little...
-
It's hard to let this one go by without some kind of comment - Albert Gonzalez a.k.a. "soupnazi", was charged earlier this week with stealing 130 million credit card numbers from such notable organizations as Hannaford Brothers, Heartland Payment Systems, TJ Maxx etc. Which is staggering...
-
Here's an interesting take on the threat from insiders - not that they are malicious, but rather just not that bothered with security risks. In this case it's a study showing that many IT administrators are unconcerned about the risk of former employees attacking their organization. (I supposed...
-
Well, the bizarre story of the T-Mobile breach (or not, as the case may be) continues to unfold. It seems no one is really sure if a serious breach actually took place, or if it did, what was taken, if anything. So, all in all, not a lot of hard facts to go on. It seems an attack did take place, and...
-
Ouch. This from SC Magazine - $12.6 Million in fines and other costs for Heartland as a result of their breach last year. Of course, the long-term costs are likely to be far higher than this initial round: "It's still early to understand everything that's going to impact the final total...
-
Jonathan Penn of Forrester Research had some interesting comments on the RSA Conference which, I'm pleased to say, agreed with my own impressions of the show. Just like him, I also saw a lot of vendors talking about cost reduction, and in many ways it seems to be the obvious message to preach in...
-
So I'll be off to the RSA Conference next week, and hopefully blogging on a daily basis about what I see. I'll also be getting to sit down with a few security luminaries and hopefully pass on some of their thoughts on where security is going and what we should all expect to see over the next...
-
If you don't subscribe to e-finance&payments policy&law magazine, here's a chance to read the March featured article on analyzing the Heartland and FAA breaches. We're publishing it on the NetIQ website so that you can have a chance to look at my analysis of what can be learned from...
-
I saw this on BankInfoSecurity.com and found it pretty interesting. FTC attorney Alain Sheer discusses how the FTC approaches investigating data breaches, what they look for, and how they handle the legal enforcement of their activities. Although there's nothing particularly enlightening in it from...
-
This story in SC Magazine from Monday is one of those that make you scratch your head and say "huh?" The technical specs for the President's (that's POTUS for you West Wing types) helicopter, Marine One, were accidentally published on a Peer-to-Peer network, and are now happily residing...