Blog Posts Tagged with "Data Classification"
OPSEC: Is the Juice Worth the Squeeze?
September 06, 2012 Added by: Joel Harding
In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?
Comments (0)
Why Data Security and Enterprise Risk Management are Important
August 28, 2012 Added by: Christopher Rodgers
Management sometimes assumes that when they have identified and summarized the top risks to their organization through a Strategic Risk Assessment, they have implemented ERM. This is simply not the case. Strategic Risk Assessment is an important component of ERM and usually a starting point, but not a final destination...
Comments (0)
BYOD: Challenges of Protecting Data - Part Three
August 06, 2012 Added by: Rafal Los
BYOD is going to take the many small holes in your environment and drive a semi truck through them... blowing a hole the size of a Buick in what security we have now. And it's not just because BYOD is going to happen whether you like it or not - but because we need to fix this train wreck we call corporate security...
Comments (0)
BYOD: Challenges of Protecting Data - Part One
July 30, 2012 Added by: Rafal Los
Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...
Comments (1)
Another Angle on Big Data
July 22, 2012 Added by: Tripwire Inc
Today, we don’t have the concept of “knowledge security,” but should we begin considering that moving forward? Given that we are moving, quite quickly, into a knowledge-based orientation, what are the implications for “information security?” Are there any? Does this perspective even matter?
Comments (0)
Ensuring Data Integrity via Checks, Tests, and Best Practices
June 04, 2012 Added by: Fergal Glynn
As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, it means information is exactly as it was inputted and is auditable to affirm its reliability...
Comments (0)
Why Do You Need Privileged Identity Management?
April 30, 2012 Added by: DHANANJAY ROKDE
Most access provided is typically role-based. However, many forget to consider factors like data classification and ownership. Network, system and database managers get access to what they are responsible for, but there are five questions that need to be asked...
Comments (0)
The Fort Knox Approach to Security
April 23, 2012 Added by: PCI Guru
Most of you are protecting everything with equal rigor. Does everything need to be protected with the same thoroughness? Probably not and that is what makes infosec a difficult occupation. We neglect to delineate what needs the most protection and what does not need as much or any...
Comments (0)
Data Classification: Why it is Important for Information Security
April 02, 2012 Added by: Christopher Rodgers
Once you know which data needs the most protection, you can properly allocate funds and resources to defend those assets. Employing a proper data classification scheme is cost effective, as it allows a business to focus on protecting its higher risk data assets...
Comments (0)
Manage Risk Before it Damages You - Part Two
April 01, 2012 Added by: Neira Jones
For a CISO to be successful, they need not only to be prepared to eliminate redundant services and controls (ouch!), but also to promote the elimination of redundant assets which they will invariably not own. Enter the political CISO...
Comments (2)
Data Classification and Controls Policy for PCI DSS
March 01, 2012 Added by: Danny Lieberman
The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...
Comments (0)
Ten Steps to Protect Your Organization's Data
January 13, 2012 Added by: Danny Lieberman
Despite claims that protecting data assets is strategic to an enterprise, and IT governance talk about business alignment and adding value – my experience is that most organizations will not do anything until they’ve had a fraud or data security event...
Comments (0)
Skype in the Enterprise: Is Your Security Program Ready to Chat?
November 27, 2011 Added by: Brandon Knight
Beside the fact that it's possible to have a bit more confidence in how Skype traffic is encrypted, is there enough information now to make a fully-formed risk decision on whether or not to use Skype? It's useful to step back and evaluate the fuller picture in the context of your existing operations...
Comments (0)
Avoid Becoming a Security Statistic
October 12, 2011 Added by: Konrad Fellmann
Some organizations hoard data, but have no idea why. A business owner needs to figure out why the data needs to be kept, who will use the data, and how long it needs to be kept for business, legal or contractual reasons. Once defined, IT can implement proper controls to protect the data...
Comments (0)
You Can't Buy DLP
June 13, 2011 Added by: Boris Sverdlik
To implement a data loss solution, you must take a holistic approach to identify the problem, threat vectors and vulnerabilities. You must understand where your sensitive data lives within your organization. This can’t be done with a tool, regardless of how good they claim it is...
Comments (3)
To DLP or not to DLP - Data Leakage/Loss Prevention
January 19, 2011 Added by: kapil assudani
DLP solutions address only a subset of data leakage issues and only help enforce “acceptable use” policies and processes with a number of limitations. They do not prevent information security related data leakage issues like external malicious attackers...
Comments (2)