Blog Posts Tagged with "Danny Lieberman"
The Threat Is Real and Must Be Stopped: Clarifications And Rebuttal by an INFOSEC Professional DRAFT II
October 22, 2012 Added by:Infosec Island Admin
So far though Senator Lieberman I have only seen gross generalities out of you and others about how dire things are and how scared we all should be. Your hue and cry ultimately lacks any hard evidence for any of us to stand behind as that the issue is real and it is so prescient that action must be taken post haste...
Comments (0)
Applications vs. the Web: Enemy or Friend?
March 16, 2012 Added by:Danny Lieberman
A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...
Comments (0)
Data Classification and Controls Policy for PCI DSS
March 01, 2012 Added by:Danny Lieberman
The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...
Comments (0)
Log Management: Debugging Security
February 18, 2012 Added by:Danny Lieberman
Logs are key to security management not only for understanding what and why an event happened but also in order to prove regulatory compliance. The business requirements are that security logs should be both relevant and effective...
Comments (0)
Encryption: A Buzzword, Not a Silver Bullet
February 16, 2012 Added by:Danny Lieberman
Encryption is a buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider four encryption components on the server side: passwords, tables, partitions and inter-tier socket communications...
Comments (0)
Build Your Security Portfolio Around Attack Scenarios
February 14, 2012 Added by:Danny Lieberman
In the current environment of rapidly evolving types of attacks - hacktivism, nation-state attacks, credit card attacks mounted by organized crime, script kiddies, competitors and malicious insiders and more - it is essential that IT and security communicate effectively...
Comments (1)
Why Data Leaks
February 13, 2012 Added by:Danny Lieberman
The main reason is people. People handle electronic data and make mistakes or do not follow policies. People are increasingly conscious that information has value – all information has some value to someone and that someone may be willing to pay...
Comments (0)
Why Data Security Regulation is Bad
February 11, 2012 Added by:Danny Lieberman
The government knee-jerk reaction in the face of a data breach is to create more compliance regulation. Security by compliance does not improve security, since attackers can reverse-engineer the minimum requirements in a standard to look for holes in a company’s defenses...
Comments (0)
Insecurity by Way of Compliance
February 08, 2012 Added by:Danny Lieberman
The US leads in data security breaches while the EU leads in data security. The EU has strong, uniform data security regulation, whereas the US has a quilt-work of hundreds of security directives where each agency has its own system for data security compliance...
Comments (2)
The Valley of Death Between IT and Security
February 03, 2012 Added by:Danny Lieberman
Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?
Comments (0)
Enterprise Disaster Recovery Planning
February 02, 2012 Added by:Danny Lieberman
DR planning is not about writing a procedure, getting people to sign up and then filing it away somewhere. The disaster recovery plan is designed to assist companies in responding quickly and effectively to a disaster in a local office and restore business as quickly as possible...
Comments (0)
Best Ways for Businesses to Prevent Data Breaches
February 01, 2012 Added by:Danny Lieberman
Most security breaches are attacks by insiders and most attackers are trusted people that exploit software system vulnerabilities (bugs, weak passwords, default configurations etc…). Neither security awareness nor UAC are effective...
Comments (0)
Compliance and Security Trends
January 29, 2012 Added by:Danny Lieberman
Information security and risk analysis is complex stuff, with multiple dimensions of people, software, performance, management, technology, assets, threats, vulnerabilities and control relationships. This is why it’s hard to sell security to organizations...
Comments (1)
Security is in the Cracks
January 26, 2012 Added by:Danny Lieberman
In preparing to implement an application for financial management, CRM, data mining or ERP, something in the back of your mind probably says the vendor’s development organization is not a lot different than yours - though you hope they’ve thought through the security issues first...
Comments (0)
The Death of Antivirus Software
January 23, 2012 Added by:Danny Lieberman
Who needs an anti-virus? If I have a solid operating system like Ubuntu 11.10, IP tables, good control of the services on my notebook and practice safe email, why should I add additional layers of content security and feed the Symantec stock price?
Comments (12)
Healthcare Data Interoperability Pain
January 18, 2012 Added by:Danny Lieberman
Imagine vendor-neutral, standard middleware for EHR applications that would expose data for patients and doctors using an encrypted Atom protocol – very simple, very easy to implement, easy to secure and with very clear privacy boundaries...
Comments (0)