-
Inadvertent disclosure: Knowing the risk
Things to consider when an employee releases sensitive data -- intentionally or not
-
Viewpoint: When it comes to enterprise security, is it better to focus on compliance or risk?
A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
-
SSH key mismanagement and how to solve it
In 1995, when I was a university student in Helsinki, I developed a security protocol to protect data-in-transit as it moved throughout our network. I named it the "secure shell," or SSH for short. Today, SSH is used by organizations of all types and sizes as a secure method to move data from machine to machine and provide remote administrator access. From the perspective of an attacker or malicious insider, SSH is an artery that carries vital organizational data.
-
PCI Council Releases Guidelines for Cloud Compliance
A new set of guidelines from the PCI Security Standards Council is intended to help merchants and cloud services providers comply with the PCI DSS when handling payment card data on the web.
-
Startup service targets electronic workplace compliance, training
Startup Convercent officially debuted today with a software-as-a-service (SaaS) offering that lets employers make available to employees in electronic form, via computer or mobile device, the workplace ethics and compliance terms the business supports.
-
Where is Your Cloud? Four Compliance Best Practices
If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.
-
Is Compliance in the Cloud Possible?
There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.
-
The Dangers of Over-Reliance on Compliance
Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.
Whitepapers about compliance
-
Compliance, Control, Cost and Consumerisation
In this whitepaper, Strategy Analytics present their findings on the security and TCO of major mobile platforms. Find out what businesses can learn from the public sector about best practice in mobile enterprise management.
-
PCI DSS 2.0: The Challenge With Compliance and Security in a Virtual World
-
Enterprise Governance, Risk and Compliance: A New Paradigm to Meet New Demands
-
Three simple steps to better patch security
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I'm dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered landlines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.