The largely accepted view and standard is that the protection of information assets is a technology function and hence in many organizations all “controls” are within the area of Information Technology.

While technology is an important aspect of any information security program strategy, it is at best only one of three legs of the footstool. Many information compromises start with threats that arise from weak procedures, and may include intentional or unintentional human acts.

Social engineering is the act of obtaining confidential information through the “art of deception”.  Most people have heard of or experienced phishing attacks through email.  The email entices the recipient to visit a website that downloads malicious software to the user PC or tricks the individual into providing sensitive information such as login credentials to business or personal accounts.

Vishing attacks, which are social engineering exploits delivered by phone, are frequently launched against customer service departments, help desks, and other business functions within corporations.  With caller identification easily spoofed and displaying the desired inbound number on the recipient’s display, the attacker poses as someone they are not in attempt to extract sensitive information.    The goal of the attacker may be to gain access to the company’s infrastructure, bank accounts, personal and private information or a variety of other reasons.  It is hard to image how technology can prevent such attacks if the employee is unaware and untrained.

Organizations that fail to look at risk to their information assets from a global perspective by analyzing business processes, identifying potential exposures, and determining the necessary controls to protect their information assets run a high risk of repeat and long-term compromise by both insiders and external attackers.

A well-balanced plan integrates risk management principles and focuses on a blend of preventative, detective and response measures across people, process and technology.   Establishing a plan starts with awareness at the business leadership level, analysis of the threats, and the development robust business-centric mitigation strategies.    While all compromises cannot be prevented, an organization that prepares will detect malicious activity sooner, limit exposure, protect its brand, and recover in a precise preplanned manner

Reputation Communications June 2010 Newsletter

“Organized crime, foreign government sponsored espionage, and employees with a growing sense of entitlement are all part of the growing menace that companies must recognize and address”, said Mr. Schmidt.  ”In order to begin to move forward organizations must start with the engagement of their governance and executive management teams.  Risk management principles must apply beyond the standard technology purview”.

The event was well attended by ASIS security professionals and a larger variety of vendors.  The event was the ASIS NYC 20th annual event.

We are seeing increased losses from having insufficient detective resources and data loss prevention strategies in place to stop such action.

Often evidence is either wiped (cleaned) by perpetrators, overwritten by continued use of resources insufficient backup procedures, misdiagnosed by first responders, or action delayed due to many reasons.  Overtaxed IT organizations and insufficient preparations are at the core of much of what we are seeing.

We are seeing losses within both large and small organizations from external attacks, employee theft, business partners and disgruntled former employees.

Information Defense continues to help organizations prepare, prevent and respond to cyber crime.  We offer a variety of solutions such as risk assessments, vulnerability and penetration testing, compliance advisement, incident response, and forensic investigations.

It is critical that organizations prepare for the potential of secure data and information compromise and remain ready to respond with comprehensive information security incident response teams that include a broad representation and participation from the organization.

Contact us to understand more how our expert team can assist your organization.

We have been helping a variety of Bay Area organizations prepare for PCI compliance initiatives, strengthen the security of their applications and networks, as well as to implement various risk mitigation strategies including comprehensive threat assessments against the organization’s digital assets.

We are seeing Silicon Valley companies begin to take steps to address internal network and application vulnerabilities and a growing comprehension of the negative consequences that can stem from these internal issues.

Information Defense offers a variety of solutions such as risk assessments, vulnerability and penetration testing, compliance advisement, incident response, and forensic investigations.

Organizations must not underestimate the threats that exist from both internal and external vectors and must ensure that they continue to build on the organization’s ability to prepare, prevent and respond to theft of information assets.

Contact us to understand more how our expert team can assist your organization.

There are a growing number of sophisticated organized crime groups and government sponsored espionage efforts which threaten intellectual property, credit card data and private and personal information. Ongoing wars and bitterness over the economy also leave companies, particularly American companies, increasingly vulnerable to information theft by employees, cyber intrusion and other malicious targeted attacks.

“Now more than ever, it is vital that companies take the necessary steps to insure that their IT and physical security programs are as good as they can be,” says Don Aviv, CPP, PSP, PCI, the COO and Physical Security Director of Interfor, Inc. “With that in mind, we are very excited about the new services and opportunities that we can offer our clients through our partnership with IDC.”

“Combining the investigative and physical security consulting strengths of Interfor along with our team of information security experts adds significant depth which complements each of our business offerings and will provide tremendous value back to the marketplace. We are fortunate to have established this business relationship,” said Philip L. “Phil” Hayden, Information Defense Corporation’s CEO.

Joining the talents of Interfor and InfoD creates a unique amalgamation of resources that can effectively address the complex technology, investigative, legal and law enforcement issues surrounding the theft and manipulation of proprietary information and infrastructures. The partnership will offer its clients comprehensive strategies and solutions to effectively deal with the onslaught of global espionage and organized crime-based attacks against public and corporate resources.

About Information Defense Corporation

Information Defense Corporation is dedicated to reducing the risk of cyber crime and its disruptive impact on our customers, business partners and consumers. Information Defense provides the highest quality innovative approaches to identifying and securing critical business assets, intellectual property, and other competitive information and is a leading investigative firm specializing in incident response and forensic investigations of cyber crime. More information can be found at www.defend-info.com or contact Marty Schmidt at mschmidt@defend-info.com

About Interfor Inc

Founded in 1979, Interfor, Inc. is an international investigation firm offering comprehensive domestic and foreign intelligence services to the legal, corporate and financial communities. Interfor is staffed by highly skilled investigators and fraud examiners, many of whom have been associated with government, defense, and intelligence agencies worldwide, including the British Secret Service, Israeli intelligence, various European agencies, and the United States CIA, DEA and FBI agencies. More information on Interfor can be found at www.interforinc.com or contact Don Aviv at don.aviv@interforinc.com.

SOURCE: Information Defense Corporation

NEW YORK, March 16 /PRNewswire/ — Veteran radio and TV investigative reporter, author and columnist Diane Dimond recently interviewed Information Defense Corporation’s Marty Schmidt to discuss the issues facing the home based computer user and the dangers surrounding their personal and private information. As a follow up to the interview Diane authored a column, “What NOT To Do With Your Tax Return” which can be found at www.dianedimond.net .

“While the media focuses on large scale corporate information theft the average person is subject to cyber crime on a very personal level. I want those who read my column to understand that there are risks associated with using their home computer which can lead to credit card fraud, theft of banking funds, and worse yet identity theft,” noted Dimond.

“I am pleased to have had the opportunity to speak with Ms. Dimond and appreciate her interest in reporting on the latest wave of crime affecting not only the Fortune 500 but the average individual,” said Marty Schmidt, EVP and co-Founder of Information Defense. Information Defense serves a variety of large and medium sized corporations assisting them to defend against and recover from cyber crime. The firm frequently investigates large scale information compromises.

About Information Defense Corporation

Information Defense Corporation is dedicated to reducing the risk of cyber crime and its disruptive impact on our customers, business partners and consumers. Information Defense provides the highest quality innovative approaches to identifying and securing critical business assets, intellectual property, and other competitive information and is a leading investigative firm specializing in incident response and forensic investigations of cyber crime. More information can be found at www.defend-info.com .

About Diane Dimond

A veteran investigative news reporter and journalist Diane has been in the national news media spotlight for more than 25 years. Diane has been a correspondent for CBS, FOX, among others delivering her hard hitting stories for “A Current Affair”, “Hard Copy”, and “Extra”. She has anchored shows for CNBC, MSNBC, Court TV and the Fox News Channel. Ms. Dimond authored the book “Be Careful Who You Love: Inside the Michael Jackson Case, published by Simon and Schuster. Diane writes a nationally syndicated weekly crime and justice newspaper column. More information on Diane and her work can be found at www.dianedimond.net .

SOURCE: Information Defense Corporation

NEW YORK, Sept. 4 /PRNewswire/ — InformationDefense Corporation, the premier provider of innovative information security strategies and services for the leading global and mission critical organizations announces the release of its RiskInformer™ Solution. The InformationDefense Corporation RiskInformer™ Solution provides a comprehensive and unique approach to identifying and measuring the risk potential to critical business assets that are subject to electronic theft, manipulation, or other malicious activity.

RiskInformer™ is being introduced at a critical time to address the persistent and growing information security requirements of the marketplace. Key senior business leaders must be engaged in the risk process and drive mitigation strategies to secure key business information assets. “RiskInformer™ enables executives and their business teams to identify the key assets and the risks imposed by people, process and technology and to drive meaningful and effective mitigation strategies,” said Philip L. “Phil” Hayden, Chief Executive Officer, IDC.

The threats imposed by government sponsored espionage, organized crime, and sophisticated individuals continues to grow in numbers and magnitude. RiskInformer™ enables forward thinking organizations to strategically identify key assets and measure potential risk across the entire business landscape going beyond traditional technology based approaches. “RiskInformer™ has been developed from years of experience in the information security space, responding to incidents, conducting forensic analysis, and analyzing the affected organizations. RiskInformer™ fills the gap between executive and technology teams,” said Martin C. Walker, Chief Technology Officer, InformationDefense Corporation.

Additional information regarding RiskInformer™ may be obtained by calling InformationDefense at 732-784-1809 and asking for Marty Schmidt.

About InformationDefense Corporation

InformationDefense Corporation is dedicated to reducing the risk of cyber-crime and its disruptive impact in the marketplace. IDC provides innovative approaches to identifying and securing business assets, intellectual property and other invaluable electronic information stolen through social, network based hacking, and other means, by foreign espionage, organized crime, internal accomplices and others. More information on InformationDefense can be found on the web at http://www.defend-info.com/

SOURCE: InformationDefense Corporation

CONTACT: Marty Schmidt, +1-732-784-1809, of InformationDefense

“Our ability to attract this prestigious and uniquely qualified group of industry experts further validates our strategic direction, vision, and solutions. These exceptional individuals add significant depth to our organization and our ability to serve the marketplace,” said Philip L. “Phil” Hayden, Chief Executive Officer, IDC.

Effective immediately the following individuals are appointed to the Board of Advisors:

Mr. Lewis Shealy, Jr., Former VP of Loss Prevention, Asset Protection and Safety for Eckerd Corporation. Mr. Shealy is an industry recognized innovator having revolutionized retail security and asset protection methods. Mr. Shealy served our military and federal intelligence services for a number of years and continues to be a leading voice in the retail marketspace.

Mr. J. David Gibbs, Managing Director and General Counsel of Alacrity, a leading provider of services to the insurance industry. Mr. Gibbs in an innovative insurance executive and former President and CEO for Travelers Property Casualty Corp, and is an expert in the areas of risk and asset protection.

Mr. Peter Boyle, Senior Vice President Technology at NYSE Euronext. Mr. Boyle is a technology executive currently responsible for the management of the NYSE Trading Floor Support, corporate development, and infrastructure support environments. Mr. Boyle is an industry expert and thought leader serving the financial services space.

Mr. Scott Alswang, Senior Vice President — SOS Security and retired US Secret Service Agent. Mr. Alswang is a security expert having organized protective advances integrating physical, electronic and intelligence gathering techniques. Mr. Alswang has served US Presidents, Heads of State, Dignitaries, and high profile Corporate Executives on a global scale and is a highly recognized expert.

About Information Defense Corporation

Information Defense Corporation is dedicated to reducing the risk of cyber-crime and its disruptive impact in the marketplace. IDC provides innovative approaches to identifying and securing business assets, intellectual property and other invaluable electronic information stolen through social, network based hacking, and other means, by foreign espionage, organized crime, internal accomplices and others. More information on Information Defense can be found on the web at http://www.defend-info.com/

SOURCE: Information Defense Corporation

CONTACT: Philip L. Hayden of Information Defense Corporation,
+1-404-202-5908, phayden@defend-info.com