Blog Posts Tagged with "Data Classification"


OPSEC: Is the Juice Worth the Squeeze?

September 06, 2012 Added by:Joel Harding

In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?

Comments  (0)


Why Data Security and Enterprise Risk Management are Important

August 28, 2012 Added by:Christopher Rodgers

Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, that they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...

Comments  (0)


BYOD: Challenges of Protecting Data - Part Three

August 06, 2012 Added by:Rafal Los

BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...

Comments  (0)


BYOD: Challenges of Protecting Data - Part One

July 30, 2012 Added by:Rafal Los

Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...

Comments  (1)


Another Angle on Big Data

July 22, 2012 Added by:Tripwire Inc

Today, we don’t have the concept of “knowledge security,” but should we begin considering that moving forward? Given that we are moving, quite quickly, into a knowledge-based orientation, what are the implications for “information security?” Are there any? Does this perspective even matter?

Comments  (0)


Ensuring Data Integrity via Checks, Tests, and Best Practices

June 04, 2012 Added by:Fergal Glynn

As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...

Comments  (0)


Why Do You Need Privileged Identity Management?

April 30, 2012 Added by:DHANANJAY ROKDE

Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...

Comments  (0)


The Fort Knox Approach to Security

April 23, 2012 Added by:PCI Guru

Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...

Comments  (0)


Data Classification: Why it is Important for Information Security

April 02, 2012 Added by:Christopher Rodgers

Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...

Comments  (0)


Manage Risk Before it Damages You - Part Two

April 01, 2012 Added by:Neira Jones

For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...

Comments  (2)


Data Classification and Controls Policy for PCI DSS

March 01, 2012 Added by:Danny Lieberman

The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...

Comments  (0)


Ten Steps to Protect Your Organization's Data

January 13, 2012 Added by:Danny Lieberman

Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...

Comments  (0)


Skype in the Enterprise: Is Your Security Program Ready to Chat?

November 27, 2011 Added by:Brandon Knight

Beside the fact that it's possible to have a bit more confidence in how Skype traffic is encrypted, is there enough information now to make a fully-formed risk decision on whether or not to use Skype? It's useful to step back and evaluate the fuller picture in the context of your existing operations...

Comments  (0)


Avoid Becoming a Security Statistic

October 12, 2011 Added by:Konrad Fellmann

Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...

Comments  (0)


You Can't Buy DLP

June 13, 2011 Added by:Boris Sverdlik

To implement a data loss solution, you must take a holistic approach to identify the problem, threat vectors and vulnerabilities. You must understand where your sensitive data lives within your organization. This can’t be done with a tool, regardless of how good they claim it is...

Comments  (3)


To DLP or not to DLP - Data Leakage/Loss Prevention

January 19, 2011 Added by:kapil assudani

DLP solutions address only a subset of data leakage issues and only help enforce “acceptable use” policies and processes with a number of limitations. They do not prevent information security related data leakage issues like external malicious attackers...

Comments  (2)

Page « < 1 - 2 > »