Managing Your PCI Audit (Part 1)

Managing Your PCI Audit & Compliance Blog! By Michael Nelson – PCI Practice Manager

PCI DSS compliance has now become a household name for security and IT departments worldwide, potentially having significant impact on those organizations that store or process credit cards. According to the PCI Security Standards Council, “All merchants, whether small or large, need to be PCI compliant.” While the security requirements are the same for all...

Ensuring Employee Security During Layoffs

A poorly organized termination process can lead to major IT and physical security problems. As many companies have transitioned to a mobile workforce and vendor-supported access, increasing numbers of people have remote access to sensitive and proprietary information. Companies that fail to cancel subscriptions, passwords, and accounts, and to retrieve BlackBerries, PDAs and laptops, leave themselves open to a major security breach. As a result, proprietary...

What Your Employees Know About Your Business

What your employees know about your business might keep you up at night if you really thought about it. In some cases the employee may have greater targeted knowledge or access to data than the owners, principals, executive team, or directors. What your employees know about your business may be of strategic value and provide that competitive edge. It may be the special sauce that took the company years to develop and it may walk out the door prior...

Your Network Is Less Secure Than the Internet!

I frequently have conversations with clients who struggle to understand the need for security controls on internal infrastructure, or why the mandates of certain regulations are important. I often get blank looks and phrases like “but it’s behind our firewall” or “that’s not reachable from the Internet”. There is a pervasive, and fallacious, belief that the Internet is some sort of wild, Middle-Ages-like kingdom full of marauding Huns and...

Government Reports Computer Spies Breach Fighter Jet Project

According to the Wall Street Journal’s Siobhan Gorman, August Cole, and Yochi Dreazen, computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project. This is the Defense Department’s costliest weapons program ever. How can this be? Tell me it’s not true. Was 9/11 not enough of a wake-up call? The events of that day cast doubt on the US government’s ability to protect its people. Now...

Cybersecurity Rules for Private Networks Proposed

According to the Washington Post and reporters Joby Warrick and Walter Pincus (“Senate Legislation Would Federalize Cybersecurity,” April 1, 2009), there is a new Senate bill which proposes mandatory security standards for private industry. The legislation, co-sponsored by Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) and Sen. Olympia J. Snowe (R-Maine), was drafted with White House input. It is my opinion that this is nothing...

Is Your Critical Business Information Safe?

Recent news indicates that two large payment processors have become the victims of electronic compromise. In a press release, RBS WorldPay states: “Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed”. Heartland in a statement to the public indicated that it contacted more...

Loose Lips Sink Ships…and Maybe Companies Too

I’m sure we all remember growing up being told by parents, teachers, and others to be careful of what we say and who we say it to. World War II GIs were taught “Loose Lips Sink Ships”. These sage words ring true today. Business environments are highly competitive, rich in proprietary data, and intricately dependent on the actions of their employees and business partners. While the use of Information Technology has enabled organizations...

Why is organizational spend ineffective at reducing information security risk?

In this InformationWeek article, Mike Fratto discusses some reasons why even though 95% of IT security groups see their budgets either hold steady or increase this year, over 65% of them say that their organizations are at greater risk. Mike asks, “Since when is ‘no worse than before’ an acceptable return on investment?” This is a message that Information Defense Corporation has been carrying to our clients for some time. Our collective experience...
