Category Archives: Enterprise Security

RSA Announces Advanced Cyber Defense Service

A very long time ago I worked at a company called Internet America. For those that remember, we were the 1-800-Be-A-Geek company. Back on the early side of the Internet explosion (this is 1996) I remember walking into server rooms in absolute awe of the big machines that powered our customers’ experience and the respect I had for those that ran them. One particular guy I remember is Gordon. Gordon was a typical middle-aged geek (before it was chic) and he had a catch phrase that always made me smile. When you asked Gordon how he was doing, he would say, “The bugs are winning today.” Back then, we had a lot of days like that. Over the last two ...


PCI Hacks Going Global

Looks like non-US based merchants can start to shake in their boots a bit. I know this isn’t the first one outside the US (and not the biggest), but it seems like all we hear about are the ones here at home. So how big was this one? According to Wired, pretty big. 500K cards is not 95 million, but it’s certainly not a handful either. What I find interesting about this particular hack is not the number of cards or the source of the hack, but the fact that it wasn’t really advanced and much different from the majority of the small merchant breaches here in the US. The smoking gun comes from paragraph three: The company’s network used ...


Guest Post: Different Kinds of Document Destruction

The following is a guest post by Andrew Morrell. The general public and businesses alike fret over how to dispose of their sensitive documents. Anything from a personal paper to PII/PCI data to an accounting sheet can be used by competitors or otherwise be a source of ridicule and liability. The difference for a business is that competition for real money is at stake. A large business can have thousands of pages to destroy. The choice is between small office shredders and professional services. While it might surprise some, there are enterprises that offer to haul away waste paper in fairly large trucks and use an industrial shredder. This is one way to dispose and recycle a mountain of business ...


If I Derive PII/PHI, Does It Make A Sound?

The Big Data problem and solution is fascinating. In some respects it is incredibly powerful and has tremendous applications for humanity at large, but other implementations are frighteningly big brother-esque. If you hadn’t heard, Target knows you are pregnant before your family does. They do it by watching your behavior on their website. So the new question that we face is what do we do if we derive or create accurate PII/PHI in the normal course of learning about our customers? I’m worried that companies will recklessly create data about their customers in new ways never before possible, exposing us citizens to many privacy breaches. I’m doing research in this area now, and am very interested to see where this ...


Can You Trust Email Anymore?

I’ve been running my own email server for almost as long as I’ve had an email address. And when you roll your own, you have to figure out your own answer to the onslaught of SPAM that hits you every single day. A quick poll says that my SPAM server (Postini) blocked over 200 emails addressed to me today, and over the last sixty minutes there has been more SPAM than legitimate email for all of my users. This isn’t surprising. We’ve all been victim to the, “Didn’t you get my email?” question countered by, “Just found it in my SPAM folder.” Postini is fantastic. Its interface isn’t great (Google has done NOTHING with it), support is spotty, and frankly ...


Healthcare Security, Where Are You?

Information security with electronic healthcare information is often discussed (not here) behind closed doors with lots of whispers. The state of information security in the healthcare space varies, but most insiders agree it is in conflict. Dismal even. Yours truly even took down an entire hospital’s printing network because they were running a super-duper-pooper vulnerable print server that just happened to get popped when doing what should have been innocent scanning. Security in many industries starts with compliance, but even that’s not working. HIPAA has been around for fifteen years—and its follow-up act(s) less than five—but we are constantly playing catchup. The results of a 2006 (yes five years old) survey showed that HIPAA had the lowest compliance rates among ...


Hospitality Still in the Crosshairs

With all the news and information we are pummeled with daily, it’s hard to ignore the significance of cyber security and its role in protecting enterprises and individuals. It’s even pretty easy to ignore until it happens to you. I have written and spoken about the challenges in the hospitality industry before, and they remain a big target for a few big reasons. Many hotels, even ones with a big-brand name on the facade, are owned and operated by individual companies and investors. Joe’s Hotel Group buys the building, hires the employees, and plugs into GiantHotelChain’s reservation and reward system. Many hotels are wide-reaching properties where everywhere you go you have an opportunity to perform a transaction (pay TV, internet, ...


Security and Compliance in a Virtualized World

Are security and compliance hindering your ability to comply with PCI DSS or any other number of compliance initiatives? Check out this BUZZ Talk from EMC World where Paul Divittorio and I talk about how EMC does it, and how you can too! Description of the talk: As you move to adopt virtual infrastructure solutions to reduce costs and improve IT operations, make sure you understand the security implications of virtualization. The good news is—virtual environments can be more secure than their physical counterparts. It’s time to separate fact from fiction. Let’s discuss your experiences and what we’ve learned from EMC IT’s own virtualization story. Watch the video here! ...


Data as a Gravity Well

Las Vegas hosted one of EMC’s premier events, EMC World. While this show is primarily IT focused, RSA (the Security Division of EMC) makes a presence every year. This year was my second to attend, and even though the location was the same, there was a big difference in this year’s average IT attendee—they showed a tremendous interest in Security! In fact, our booth at EMC World was PACKED on Monday evening. We nearly hit our goal of visitors for the whole show on the first day! Security and compliance had a track in the breakout sessions, and if you went to Sanjay’s keynote, you may remember our CISO getting up on stage to talk about some of the security ...


Where is your first line of defense?

I recently attended a fantastic roundtable put on by the Financial Times in New York. As I sat listening to a group of folks who specialize in anti-money laundering and fraud, one person stated that people detected the vast majority of fraud or money laundering, with tools playing a supporting role. By itself, this seems a bit damning toward the technical sector, essentially stating that they aren’t any good at detecting fraud. Or at least their tools aren’t any good. But technology has always played a catch-up role when compared to human intuition. It could be simple things like highlighting the right statistical inconsistencies for analysts or complex things like playing chess against the world’s best, but we’re ...

