The rules governing the PCI DSS can be complex and confusing. When coupled with the 250+ requirements, and their dependencies, it can be a daunting task to understand to which systems the standard applies, and which requirements apply under what conditions. In training thousands of QSAs, merchants, and banks, I have developed a concept that helps...
It has become impossible to avoid the headlines announcing that our data is being breached, from credit card information and social security numbers to other personal information. Each day, it seems there are reports of nefarious behavior happening in our Internet/cyber environment. Due to this, there are five questions I challenge you to consider:...
The clock is ticking down to Sept. 23, 2013, the HIPAA final omnibus rule deadline. If you’re a hospital or health system, do you have “reasonable and appropriate administrative, technical and physical safeguards” in place to help protect your...
A couple of weeks ago, a major news service’s Twitter account was hacked, and several fake tweets not only sent ripples through the media, they impacted stocks globally. While there’s a key lesson here about the importance of social media, this...
Are you in business to make money or lose it? For most people, the answer to this question is a no-brainer! As a security professional, I truly believe that security can impact your bottom line. It is key to protecting your most vulnerable business asset – your data. If your business has anything worth protecting, whether it’s money, intellectual property, or a trusted...
Security and risk awareness have been part of the lives of humans from the very earliest days. At its core, security focuses on keeping things safe. In a business environment, complete safety can restrict access and availability, and is therefore impractical. Focusing solely on security, without balancing associated risk, is unrealistic, as businesses need to take certain risks to grow and be profitable. Let’s look at the history of...
I read almost daily in the news about cyber attacks on U.S. banks, infrastructure, government agencies, and businesses. In fact, government agencies saw a more than 650% increase in cyber security incidents from 2006 to 2010, according to the Government Accountability Office (GAO). The GAO reports that a main reason for the increase is the failure of agencies to fully implement their IT security programs....
Every day corporate networks are faced with increasingly complex threats to IT security. But there’s an entirely new approach that can help you minimize risks. It’s called “Orbital Security”—and it just might save your company’s data. Orbital Security allows you to create an IT security strategy based on the relationships your company has...
The cyber-threat landscape is in a constant state of evolution. Threats and attacks are increasing in frequency and complexity. Nowhere is that more evident than in the onslaught of Distributed Denial of Service (DDoS) attacks almost constantly assaulting organizations of all sizes. IT leaders looking to...
Have you ever tried to move an object by pushing a rope? How about herding cats? Tell me if this video reminds you of your workplace. Doesn’t make much sense, right?...
At Mobile World Congress, Samsung announced an end-to-end secure Android solution called KNOX that provides security hardening from the hardware through to the application layer. This announcement is another indication of the evolving world of security that is being driven by the adoption of mobility and...
For security professionals, 2012 was a very exciting year. We saw some major changes in information security attack strategies, known as vectors, and an increase in their public visibility. Advanced Persistent Threats (APTs) became more common, and mobile and wireless security came to the forefront of our...
These days, we use mobile devices for just about everything, from online purchases while we’re standing in line at the coffee shop to managing our bank accounts and storing confidential data. “Human factor” is often cited as one of the weakest links in...
The debate rages on about the viability of the cloud for the healthcare industry, mainly weighing security risks against the benefits of lower costs and improved outcomes. Private, closed systems can be Health Insurance Portability and Accountability Act (HIPAA) compliant and...
I was privileged to have been able to attend the 2013 RSA event. While catching up with old friends and meeting colleagues was exciting, seeing the new technologies being released is always the high point of RSA. I am always struck by vendors promoting “today’s solution to tomorrow’s problems”. Some of the newer solutions this year appear to be designed as “one simple fix” to the very complex problem of security....
Yahoo sure has been in the headlines lately. The interesting part of the story for me has been the spotlight on extracting worker productivity from the VPN logs. For a great synopsis and commentary, check out InfoWorld's blog by Ted Samson. Ted makes some great points about the dangers of using a single set of analytics to derive employee value. For example, not all work functions require constant VPN consumption. On the other end of the...
When it comes to consumers, the experience is everything. The most successful Consumer Packaged Goods (CPG) companies are already leveraging interactive marketing and social media to drive awareness of their goods as well as their brands – and with good reason. To harness the effects of interactive marketing, social media, and the emerging technologies now available with the plethora of mobile apps and cloud computing, CPG businesses must...
Read this case study to learn how Armstrong Coal uses a converged IP VPN network to boost its operations efficiencies and productivity while providing the safest possible working environment and meeting state, federal and industry regulations....
A frenemy is someone who is both a friend and an enemy, and we all know one of those. They do good work and contribute to the success of the company, but you wouldn’t take a vacation with them. Cloud services are kind of like that to IT departments. Cloud services possess the ability to speed development and deployment while saving thousands of dollars. What a great friend! But the downsides make it hard to spend much time...
For those of you who follow the mobility space closely, you are well aware of the evolution of mobile device management (MDM). No longer is it simply a discussion about supporting mobile devices; the conversation now includes:...
As the cloud has evolved over the last several years, it is interesting to compare its evolution to that of outsourcing during the previous decade. Many companies, seeking to control expenses, sought options for traditional IT and business operations functions, such as systems development and contact/call/fulfillment centers....