When working on a security assessment, it is always helpful to use an automated tool that compares the key elements to the known best practices, and generates an overview result set...
The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2 and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending...
In 1975 my father, a doctor, was approached by some entrepreneurs. They had a brilliant idea. They were going to purchase a mainframe computer and sell computing on a timeshare basis to anyone who wanted to connect to it. Charges would be based on compute cycles and applications would be provided pre-loaded. Sound familiar? That was cloud computing. Today’s cloud is certainly different in scale. The flexible computing platform is provided by multiple virtual instances of many computers. The applications are provided by specialist companies like Salesforce.com for customer relationship management (CRM) and Google or Yahoo! for email, calendaring and document creation. The network is different than 1975 and the computing infrastructure has improved but the real difference between today and then is the threat.
Whether or not you believe social media to be as asset or liability to your organization, believe this; there are close to a half a billion people signed up to and involved in social media. Last time I checked, Facebook had more than 400 million users and Twitter has more than 50 million. Some say social media sites such as Facebook and other combined have close to a billion views per month. WEB 2.0 is alive and well and has changed the game for the IT professional.
Most would agree that globalization, fed by technological advances in the information system and telecommunications realms, has overwhelmingly been a "good thing". Our world is connected like never before, and those formerly isolated are now part of the landscape, able to access critical medical information, tap educational resources and answer almost any question in two clicks.
I recently had the pleasure of making the acquaintance of the illustrious Theresa Payton, who's long and vibrant career has spanned multiple industry sectors and government service at the highest levels.
Last week, this site [databreaches.net] received a lead about a security problem involving the web site of a Durex product. On March 5, a customer reportedly discovered that anyone could view his and other customers’ orders on the kohinoorpassion.com web site by simply inserting a different order ID number in the url without any login required. Names, addresses, phone numbers, and type of products ordered were all there for ready viewing. The orders had not been placed on the kohninoorpassion.com web site, but on the Durex India e-store site...
Many consumers have no idea that their dealerships are installing a little black box on cars. This little black box allows the dealerships to disable YOUR car if you fall behind on payments. It is the modern day alternative to the Repo Man.
The Lone Ranger was one of my favorite shows growing up. With his trusty side kick Tonto, he would always appear just in time to foil the bad guys and leave everyone wondering..."who is that masked man?" Was it really that hard to determine his identity?
Unfortunately for the frequent flyers among us, recent industry research from TrustWave’s Spider Labs showed that hackers went after hotel networks more than any other destination in 2009, accounting for 38% of all known security breeches, more than the financial services industry (19%) and retail industries (14.2%) combined...