Another report of a laptop stolen, this one containing reams of sensitive customer information. The laptop was later returned in the same office complex, to a room which was reportedly locked; however, the sensitive data on the laptop was not encrypted.
According to a San Francisco Chronicle article by Deborah Gage (Aug 6, 2008, pg. C1): [...]
These days access to the internet is a business requirement. Most businesses are selling their products and services on the internet which sometimes requires customers to have access to the critical assets such as applications and databases. The global growth of the internet has increased complexity and potential risks to these assets. In some cases, [...]
The PCI DSS (Payment Card Industry & Data Security Standard) was established by credit card companies to create a unified security standard for handling credit card information. The retail service industry now understands the strategic significance of PCI DSS compliance, which was demonstrated when TJX announced that their system was compromised for more than 17 [...]
Security review is performed to identify and analyze risks and weaknesses in the current security posture of an organization. An ISO assessment is performed utilizing international standard ISO 27002 and company security policy, the purpose of the review is to evaluate the information security posture of an organization based on international standard. The level of [...]
In real estate it’s all about location and the same way to succeed in information security risk assessment, it’s all about precise profiling of a system under review. The system profile sets the boundaries of an assessment and the reviewer includes or excludes assets in the review based on their criticality and sensitivity and the [...]
InfoSec blog