Outsourcing Breach Response Lowers Costs
By Doug Pollack, Chief Marketing Officer for ID Experts
The Ponemon Institute last month released their 5th annual 2009 Annual Study: Cost of Data Breach. This year, the report explored several new areas and came up with some interesting and in some cases surprising conclusions…
Afraid of the Cloud? Ask the Right Questions
By Greg George, Managing Partner of GTI Advisors
What if your vendor is acquired, are there assurances in your service agreement allowing you to opt out if you choose to – if so, will all your data be deleted? What if you vendor is acquired by a company based in a foreign country? Maybe the acquiring company ceo, also a peoples republic of china communist party official, will assure you your data has been deleted. All in all – right now, using SaaS simply comes down to a judgment call, what is in the best interest of your firms operations: ease of access, work flow and cost benefits vs. associated risks…
Perplexities of Enterprise Privacy Policies
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
Web Security From A New Perspective
By Sean Wilkins, Contributor at CIOZone
Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
On Privacy and Cloud Computing Challenges
By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI
Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…
DoS Attacks and Continuity of Operations
By Sean Wilkins, Contributor at CIOZone
These types of attacks are typically launched from computer robots (bots) which are exploited computers which have an Internet connection. These bots are then directed by central controllers to do the tasks assigned. These tasks vary but can include initiating a DDoS attack on a specified target. Now when the combined bandwidth of thousands of bots comes into play, any company can have their Internet connectivity partially or completely blocked.
On Managing Your Own Health Records
By Doug Pollack, Chief Marketing Officer for ID Experts
Microsoft HealthVault is designed to let us collect, store, and share health information critical to our family’s well-being and Google Health allows us to organize our health information all in one place, gather our medical records from doctors, hospitals, and pharmacies, and share our information securely with a family member, doctors or caregiver. For now, I probably won’t start trusting my medical history to either Microsoft or Google…
Broadcasting Vulnerabilities Hinders Security
By Tom Groenfeldt, Technology Journalist - Contributor at CIOZone
The way most of the vendors do PC security makes it very easy for the bad guys to circumvent their software pretty quickly, said John Viega, vice president of engineering at McAfee and author of a new book, The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know. The technologies generally have not gotten good enough fast enough, and there hasn’t been the best collaboration between vendors, even though they do collaborate, he added. They are getting better, but some vendors, who market by publicly announcing vulnerabilities in popular software packages, do more to hurt than help…
Why There Will Be No Year Of The Cloud
By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development
Before vast herds of businesses go running to the cloud, they will want to see that others have done it an not been burned. This is classic bell curve stuff - a few will do it, but it will be a while before the majority of the IT organizations use the cloud in any significant way.
Report: China Probing Soft Cyber Underbelly
By Tom Groenfeldt, Technology Journalist - Contributor at CIOZone
In China today, there are thousands of people in a sustained effort to collect intelligence, many of them on an entrepreneurial basis within a competing bureaucratic structure. China understands that a strategic vulnerability of the United States is its soft cyber underbelly. I believe they seek to ‘own’ that space, says Mike McConnell, former director of National Intelligence and director of the NSA.
