There Is No Perimeter
Last week I mentioned the myth of the “network perimeter” and alluded to the futility of trying to secure it, and I wanted to expand on that theme a little more. I frequently find myself working with IT staff that have a mentality of “us vs. them” or “inside the perimeter vs. outside the perimeter” concept of security. I strongly believe that there needs to be a paradigm shift in thinking from the perimeter based view to one of embedding... [Read More...]
Your Network Is Less Secure Than the Internet!
I frequently have conversations with clients who struggle to understand the need for security controls on internal infrastructure, or why the mandates of certain regulations are important. I get blank looks often phrases like “but it’s behind our firewall” or “that’s not reachable from the Internet”. There is a pervasive, and fallacious, belief that the Internet is some sort of wild middle-ages like kingdom full of marauding Huns and... [Read More...]
Who’s responsible for the costs of credit card theft?
A recent article in Information Week briefly discusses last weeks reversal by a federal appeals court of a lower court’s order that credit card processor Fifth Third Bancorp did not have to pay for new credit cards for some cardholders whose data was stolen during a 2004 hacking incident at BJ’s Wholesale Club. The suit was originally brought by the Pennsylvania State Employees Credit Union. Essentially it goes like this. In 2004 BJ’s Wholesale... [Read More...]
Why is organizational spend ineffective at reducing information security risk?
In this InformationWeek article, Mike Fratto discusses some reasons why even though 95% of IT security groups see their budgets either hold steady or increase this year, over 65% of them say that their organizations are at greater risk. Mike asks “Since when is `no worse than before’ an acceptable return on investment?” This is a message that Information Defense Corporation has been carrying to our clients for some time. Our collective experience... [Read More...]
