Tag: malware

Sailing the 7 C’s of security monitoring

What is it your mom used to say? “A watched pot never boils.” This might be true, but a watched pot also never spills; it never allows your younger sister to stick her hand in the hot water; prevents Uncle Jack from tasting before dinner is ready; and if something unforeseen happens, there is time to mitigate the problems. One of the established best practices in InfoSec is monitoring. People, products and companies get paid a great deal of money and expend a great deal

Adaptive Risk: Making sure you are who you say you are

Does this sound familiar? Ann, sitting at her desk eating lunch, is surfing the Net. She checks her personal Yahoo email account and sees a message from a purported survey company asking her about her music preferences. She opens the email and takes the survey. Seems harmless enough, but what Ann doesn’t know is that this survey company doesn’t exist  and embedded in some of the survey prompts  hid an undetected botnet that downloaded onto her desktop. This nasty bugger can record her keystrokes and

Preventing Data Leakage: Proactive Security from the Cloud

In business, data is currency. It is the oil that keeps the commercial engine in motion and databases are the digital banks that store and retrieve this valuable information. And, according to IDC, data is doubling every two years. But as the overall amount of data grows, so does the amount of sensitive and regulated data. All this data stored by enterprises requires high levels of security. Presently (again, according to IDC) only about a quarter of that data is being properly protected now. Like

The Cloud Guide to PCI Compliance for Retailers

One of the key drivers to IT security investment is compliance. Several industries are bound by various mandates that require certain transparencies and security features. They are designed to mitigate aspects of risk including maintaining the sacrosanctity of customer information, financial data and other proprietary information. One such affected vertical is retail. No matter if you’re Wal-Mart or Nana’s Knitted Kittens, if you store customer information; if you process payments using customer’s credit cards, you are required by law to comply with a variety of

Do you want to know what you don’t know?

In my experience there are two types of enterprise IT departments -those that maintain the status quo and those looking to continuously explore and improve. It is truly unfortunate how many fall into the former category.  But the problem with IT security is that it’s an ever-evolving and moving target. So the decision to not dip your toe in the water and understand all available options could mean the difference between a panicked 3am call regarding a breach alert or a good night’s sleep. I

If a tree falls in your network, does anybody hear?

When I started scribbling notes as to what to write about this week, my first thought was to address some of the claims that cloud wasn’t “ready for prime time,” by a some survey done by Wisegate. Everyone is entitled to an opinion, and those who wish to turn a blind eye to the maturation of the cloud do so at their own risk. Before I move on to the subject at hand, I will simply remind doubters that these same voices were shouting the

The Challenge of BYOD

“Don’t care how…I want it now!” -Veruca Salt (Willy Wonka and the Chocolate Factory) We live and work in a world of immediate gratification. In the name of greater productivity if you need to check inventory from a supplier’s warehouse…click there it is. Share a file on Dropbox, no problem. Add detail about a meeting in the sales database… click! Update your Facebook or LinkedIn status. Email a white paper to a potential client…click, click. Want to see that flying pig meme…well, you get the