- Seven technology predictions for 2014
- Blue Cross: 840,000 healthcare records at risk after laptop theft
- French Treasury accidentally signs SSL certificate for Google.com domains
- Transform IT security process into business action, CSOs advise
- Symantec walks away from managed firewall and endpoint services
Tony Hayes, ISACA international president, talks about the trends that CIOs should prepare for, and the "inexcusable" high rate of failed ICT projects.
A survey of IT executives and IT pros paints a disturbing picture of BYOD. That picture includes a lack of confidence in compliance with federally mandated regulations, a fear that sensitive data is at risk and uncertainty about the overall effectiveness of BYOD.
Dennis Technology Labs, the London-based organisation which runs tests to evaluate anti-virus software, yesterday released its latest test results on products for three distinct product segments--enterprise, home and small-to-mid-sized business (SMB). Its tests are not sponsored by vendors, the lab says.
Things to consider when an employee releases sensitive data -- intentionally or not
A CIO once quipped, "Security isn't hard, compliance is." And in fact many companies focus their security efforts on meeting compliance requirements. But if you are audit compliant, have you in fact addressed all of your risks, or are you just kidding yourself? Is it better to focus on the risks presuming that doing so will cover you off on the compliance side? Network World Editor in Chief put the question to two practitioners, both of whom come down on the side of risk.
IT, security and compliance experts discuss the biggest issues facing companies these days -- and what steps organizations can take to minimize potential regulatory compliance risks and security threats.
If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.
There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.
Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.
Whitepapers about compliance
Following the Big Data explosion, organizations are left grappling with how best to retain, access, discover and ultimately delete content in compliance with evolving regulations. Legal teams are now tasked with making accommodations for Big Data in the already expensive eDiscovery process. All this data can be a huge asset, but without a modern management strategy, it can also be a huge liability. This white paper demonstrates why a holistic approach to information management means big benefits in cost reduction and risk management for legal and compliance teams.
Proactive web security that blocks threats in the cloud before they reach users’ machines, or enter customers’ networks.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.