Month: April 2012

A Job for Man or Machine?

A Chief Technology Officer for a Midwest banking holding company made a very interesting observation earlier this week. In commenting about the needed increase in fraud fighting resources, he warned about the perils of overemphasizing technology while ignoring training staff in using manual fraud-detection processes. Most of what he says is spot on in terms of ensuring the proper prioritization, risk analysis and the blind reliance on technology to identify and neutralize threats and breaches. In fact, as an officer in a technology company, I

Storming the Castle

One of the true benefits of the cloud is the ability to reconfigure and create a stronger, more active asset protection strategy than you might be able to otherwise afford. But let’s look beyond the cost factor for a moment and analyze a true best practice that gives an organization a true advantage within the cloud and an overall strategic deployment of security resources. And to look at the future of security configuration we have to look back 500 years into the mists of history

Threat Versus Risk

I was chatting with an IT professional about the benefits of cloud-based security and he kept referring to a recent risk assessment he performed. (And if you haven’t done this lately, you should) But what got the gears in my head turning is how interchangeably he used the terms “risk” and “threat.” Now on the surface they seem like the same component of security management. I tend to disagree. In its simplest of terms, risk the probability or frequency of doing harm while threat is

Everything I Know About Cloud Security I Learned from Star Trek (Part 1)

Aside from the expendability of red-shirted nameless extras, is there any wisdom about security that can be gleaned from the iconic television show Star Trek? Last month we hosted a webinar that explored such a theme and discovered there are a plethora of best practices that mirror the security issues and challenges being experienced by IT professionals today. Obviously it’s not about about alien life forms invading the starship Enterprise (unless you define aliens as malware or botnets) or how the transporter split Captain Kirk

Smelling a RAT: Lesson Learned from Sophos

Is it me or does it seem that several times a week, an organization of significant size is reporting intrusion failures that put various IT assets at risk—whether it be customer credit card data, employee social security numbers, or in today’s example, renowned security firm. Sophos, discovered it’s server was compromised. In this case they discovered a couple of unauthorized programs that were designed “to allow unauthorized remote access to information.” The type of program found were RATs (remote administration tools) which if they remained

*********: Your First Line of Defense

Before I get started…I just wanted to invite our readers to an interesting online event on Thursday April 19. I will be hosting a webinar that delves into and dissects some of the most injurious IT threats and provide some cloud-based countermeasures. You can read more and register on the Webinars and Other Events tab above. I hope you will join me. Now onto the subject at hand: If you’re like me, you have dozens of passwords. From Facebook to bank accounts to SaaS-based CRM

Security Does NOT Equal Compliance

I was all set to go another direction with this blog today, but then I read a quote from a Gartner analyst that got me thinking. “Security does not equal compliance. [Global Payments] may have been compliant at time of exam, but not at time of the breach.” We need to constantly be assessing PCI compliance.” This, of course is going back to my blog earlier this week discussing the how one of the largest payment processing companies got hacked and left more than 1.5

A Lesson Learned from Global Payments

Stories like the recently announced breach of security by Visa partner and mammoth online payments processor Global Payments happen with alarming regularity. In brief, Global Payments said it “identified and self-reported unauthorized access into a portion of its processing system. In early March 2012, the company determined card data may have been accessed.” For a full report, see here What we know is that the company experienced unauthorized access into a portion of its processing system that may have exposed payment card information and other