August 29, 2011 - Whether it's a self-service system for network password resets or logging into a banking website, chances are you're familiar with Knowledge-Based Authentication (KBA). This type of authentication (continue reading...)
August 18, 2011 - The recent high profile security breaches highlighted the significant reputational and financial damage organisations with poor data security practices are exposed to. With cybercriminals increasingly targeting soft social data, enforcing stricter protection of users’ personal details and privacy has become (continue reading...)
August 5, 2011 - There is a widely held myth that using private clouds alleviates all the security concerns that come with the public cloud. While private clouds are a great way to get your feet wet in the cloud and do greatly help (continue reading...)
July 25, 2011 - PCI 2.0 Virtualization Guidelines are now almost 4 weeks old, and after a few speaking events and internal discussions, it’s apparent that what we’ve been advocating for over a year was right on the money - and that’s the strategic use (continue reading...)
July 1, 2011 - You can call it symbolic, but the first bars of Etta James’ “At Last” started to play on the radio when I ran into the FFIEC announcement on their long awaited update to the Internet Banking (continue reading...)
June 17, 2011 - 3 to 132. That’s the number of times virtualization was mentioned in PCI 2.0 DSS vs. the just published PCI Virtualization Guidelines. Yes, after being relatively light on guidelines, the PCI Council now has recommendations for using cloud computing and (continue reading...)
June 16, 2011 - Anyone who’s been around PCI knows not all sections are created equal. I learned this real fast. I was talking to the security team for a large financial institution shortly after PCI 1.0 came out and one of (continue reading...)
June 14, 2011 - Panic. Bedlam. Lawlessness. Anarchy. For some reason the cloud conjures visions of chaos for organizations moving to the cloud. And I guess in retrospect it’s really no surprise given the sea change that the cloud model represents to our industry. (continue reading...)
June 13, 2011 - By Stephen Helm. The International Monetary Fund joined Google, Sony, Lockheed Martin, RSA Security, and CitiGroup as the latest victim in a string of targeted and sophisticated cyber-attacks. According to the New York Times, the attacks were likely to have (continue reading...)
May 20, 2011 - My brother works for the government and has a joking phrase about his job, “I’m with the government. I’m here to help. Now turn over all your books.” For most Audit/Compliance folks that I talk to, dealing with the use (continue reading...)
May 2, 2011 - Security professionals are gossip hounds just as much as everyone else. While we haven’t been chatting about who would be designing Kate Middleton’s dress, we have been chatting about what happened to PlayStation last week. And the conjecture (continue reading...)
May 2, 2011 - The massive security breach of Sony’s PlayStation Network is yet another example of the vulnerability of our personal data. Over 77 million PSN users had their personal data, possibly including credit card numbers, exposed in one of the largest hacks (continue reading...)
April 28, 2011 - Regulatory ‘compliance’ – it’s a dirty word in business today. Perhaps that’s because we’re being force-fed more and more rules that various governing bodies believe are the best ways for (continue reading...)
April 25, 2011 - “Keep your friends close, and your enemies closer.” Attributed to Machiavelli and Sun Tzu, this truism points to the importance of keeping a close eye on those that can hurt you the most. Against a backdrop of unprecedented growth in smartphones (continue reading...)
April 18, 2011 - Over the weekend, a disgruntled former employee of NextEra Energy Resources, a subsidiary of Florida Power & Light, claimed he discovered a vulnerability in the Cisco security management software, and was able to hack into the SCADA (supervisory control (continue reading...)
April 18, 2011 - There’s going to be lots said and launched at Infosecurity Europe. But, in the calm before the storm, here’s what we think will be some themes of the show. And despite having a little magic on our stand, we’re not (continue reading...)
April 12, 2011 - In today’s economy, every cent counts. Companies have to keep a close eye on budgets, looking for any area to cut costs in an effort to preserve funds. With this being the case, why would companies spend 50% more than (continue reading...)
April 5, 2011 - Yesterday, the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA) issued a press release revealing their survey results on accidental data loss vs hackers. They surveyed 500 compliance professionals. The upshot of (continue reading...)
March 31, 2011 - When regulatory compliance dictates, specific industries proactively plan for protection. The plan 'bleeds' into other data (PCI into PII for example). When I spend time with industries that 'straddle' the need to protect data (like pharma or transportation that have (continue reading...)
March 30, 2011 - I identified with an article on SearchCIO.com - “CIOs looking for ways to say yes to the iPad in the enterprise” – which reflects the dilemmas IT departments are facing as more employees and executives bring their iPads into the (continue reading...)