Browsing Category: Compliance

Categories: Compliance

The Internet as we know it today was designed to be a place where people could go about their business, whatever it happened to be, anonymously and without interference from other users. This model worked reasonably well for a long time, but it’s become painfully clear in recent months that some fundamental changes are needed in the way people use the network and, more importantly, how their PCs are allowed to behave.


From SearchMidmarketSecurity (Mike Chapple)

Many SMB IT administrators face a serious challenge when it comes to delivering serious security to their users. They may not have the budget or expertise they need, and outsourcing can be expensive and troublesome if it’s not approached in the right way. As Mike Chapple writes on SearchMidmarketSecurity.com, asking a few key questions up front can be the difference between success and failure.


From DarkReading (Tim Wilson)
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves [darkreading.com] from insider threats, according to two new analyst reports.
Although 88 percent of the respondents to a Forrester Research study said they consider data security a “challenging issue,” some 40 percent of respondents said they had no interest in, no plans for, or no knowledge of emerging tools for information leak protection.
Read the full story [darkreading.com]. See related story from Matt Hines [eweek.com].


Dennis Fisher talks to Adam Shostack of Microsoft about the evolution of thinking around “The New School of Information Security,” his new group blog and what surprised him most when he went to work at Microsoft.


Dino Dai Zovi has gained a reputation as one of the top Apple security researchers in the industry and is the author of a new book on Apple security, “The Mac Hacker’s Handbook.” In this interview, he talks about the state of Apple security, why the company hasn’t implemented better memory protections and his ‘no more free bugs’ meme.


By Andrew Jaquith
Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.
Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization. Read the full story [csoonline.com]
