Here we have another unnecessary credit card data breach in a small organization which resulted in a loss of customers data demonstrating poor baseline security of small organization in this case a restaurant. Small organizations are not ready for PCI Compliance. Checkout why PCI Compliance is essential and why small merchants have to comply. [...]
Image by purpleslog via FlickrUser Security
Opening email attachments with integrated email clients
Not updating client software
Downloading untrusted software
Not creating or testing backups
Using wireless router connected inside the LAN
Strategic Security
Not providing training to security personnel
Only addressing physical security, neglecting data security
Not validating security fixes
Relying on firewall for all security needs
Not evaluating impact on reputation and data of [...]
Usually security breach occurs due to lack of basic security controls or lack of effective control which is not relevant over the time. Security controls also disintegrate over the time due to lack of maintenance and monitoring.
According to Privacy Rights Clearinghouse survey, the top three breaches resulted from laptop theft, software or human error, and [...]
Image via WikipediaAccording to SF Chronicle article by Deborah Gage (May 8, 2009, c2) consumer reports magazine’s annual “State of the Net” survey finds that cybercrimes has held steady since 2004, with one out of five consumers becoming victims in last two years at a cost to economy of $8 billion. Consumer report can be [...]
Image by Getty Images via DaylifeThis week I was in attendance with thousands of people from all over the globe at RSA conference in Moscone Center San Francisco. The conference offers variety of training tracks and this year included two new tracks physical security & governance and risk & compliance. Since Novell CNE was one [...]
Due to economic insecurity all the warning signs are pointing that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business limiting risk and bypass security fundamental like Business Continuity Planning (BCP). During this economic uncertainty organizations have to pay more [...]
According to BBC news article by Maggie Shiels (Feb 11, 2009) the world’s biggest software maker has warned companies to expect an increase in “insider” security attacks by disgruntled, laid-off workers. Microsoft said so-called “malicious insider” breaches were on the rise and would worsen in the present downturn.
Below are the high points:
• With 1.5 million [...]
In April 20007, California state IT council adopted the information security program guide which help organizations to comply with SB 1386. The council advised the use of information security standard ISO 27002 framework to comply and meet the needs of SB 1386.
[Table = 13]
Which businesses are affected by SB 1386 law?
o If you have a [...]
To become a successful business in today’s market, optimized information security controls may be the panacea for unmet security needs. One way to achieve optimized information security control is to perform ISO assessment and assess the organization security posture based on ISO 27002 code of practice and map each control with Capability Maturity Model Integration [...]
Open networks are heterogeneous environment where users like to use all the applications and systems at any given time. In a heterogeneous environment, each department run different hardware and software, but you can control the protocols which will work on this environment.
Universities are famous for open network. Most Universities network is comprised of a Bank [...]
Subscribe in a reader or Outlook
