Why cyber security is important in 2013

Today, more than at any time in the past, we are committed to using the Internet for almost all our business and social needs. Never before have we been so interconnected on such a global scale. Whilst on the one hand this has been enabling and super convenient, it has on the other hand exposed us to the risk of fraud or other forms of malicious use of our computer systems on a scale previously unheard of. There have been numerous surveys and reports... [Read More...]

Balancing The Information Security Program

The ability to create, transmit, and store information far exceeds the ability to secure it.  The continued assault on information assets is being perpetrated through sophisticated scams devised by organized crime, foreign government espionage groups, employees, contractors and others. The largely accepted view and standard is that the protection of information assets is a technology function and hence in many organizations all “controls”... [Read More...]

Rising Threat from Cyber Attacks

The threat from cyber attacks is on the rise.  On Friday, the Wall Street Journal reported that 2,411 companies had been the victims of a hacking operation that was part of an 18-month global attack that exposed vast amounts of personal and corporate secrets and intellectual property to theft. The attacks, which originated in Europe and China, targeted major corporations and government agencies including pharmaceutical giants Merck & Co. and... [Read More...]

Cyber Security Is First The Lawyer’s Responsibility To Corporate Clients

At first blush this proposition seems counterintuitive. Isn’t cyber security the domain of the corporation’s CIO? Let’s not be mistaken: the CIO or CISO play major roles, but the answer is still no. Three critical reasons why include: (1) the CIO can neither create nor maintain the attorney-client privilege without general counsel’s direction of the corporation’s cybersecurity efforts; (2) for the same reasons, general... [Read More...]

Controlling Risk to Information Assets – Cyber & Data Security in the Workplace

Is information security an afterthought in your business? At what point is security considered? Now, being a technologist, you might answer that it is at the forefront of your activities, and that’s great, but for the business people, at what point does it enter the business discussion? Chances are it doesn’t. The reason I raise the question is simple. Effective security should be core to business operations and culture, not a bolt-on application,... [Read More...]

Government IT & Cyber Security Compliance & Regulation Not Enough – The Case for Effective Risk Management

Balancing Government compliance, regulation and security initiatives while helping define and drive your priorities and timelines to manage what can be enormous investments – risk management practices and principles supporting today’s information rich, connected, online present organizations. I am amazed at the number of organizations that continue to take either a lax, or too narrow approach in protecting information assets. I am certain... [Read More...]

Managing Your PCI Audit (Part 2)

Welcome back to our Managing Your PCI Audit & Compliance Blog! By Michael Nelson – PCI Practice Manager. See here for Managing Your PCI Audit & Compliance blog part 1. By now your organization has chosen a Qualified Security Assessor (QSA) who will be performing PCI compliance assessments, but when do you schedule the on-site visit for the QSA? The answer is simple: once the organization is prepared. As discussed prior in Managing Your... [Read More...]

Preparing for the FACTA Red Flags Rule

Perhaps you have heard about new regulations that the Federal Trade Commission (FTC) has proposed for some time now called the Red Flags Rule.  The Red Flags Rule stems from The Fair and Accurate Credit Transaction Act of 2003 (FACTA).  As of this writing the mandate will be enforced beginning November 1, 2009. FACTA added sections to the Federal Fair Credit Reporting Act intended primarily to help consumers fight the growing crime of identity theft.... [Read More...]

Managing Your PCI Audit (Part 1)

Managing Your PCI Audit & Compliance Blog! By Michael Nelson – PCI Practice Manager. PCI DSS compliance has now become a household name for security and IT departments worldwide, potentially having significant impact on those organizations that store or process credit cards. According to the PCI Security Standards Council, “All merchants, whether small or large, need to be PCI compliant.” While the security requirements are the same for all... [Read More...]

Ensuring Employee Security During Layoffs

A poorly organized termination process can lead to major IT and physical security problems. As many companies have transitioned to a mobile workforce and vendor-supported access, increasing numbers of people have remote access to sensitive and proprietary information. Companies that fail to cancel subscriptions, passwords and accounts, and to retrieve BlackBerrys, PDAs and laptops, leave themselves open to a major security breach. As a result, proprietary... [Read More...]
