In classical information security practice [It is interesting to note that the need for information security is barely 30 years old and conventional practice is already considered “classical.”] an organization is expected to identify and categorize its critical assets; evaluate security threats and vulnerabilities; categorize the impact of those threats on the Confidentiality, Integrity and […]
Kaliber Data Security Blog
Read posts from the Kaliber Data Security Blog focusing on data protection, cyber security and more.
While there has been at least one article (link) suggesting that hackers could have diverted the Malaysian jet which mysteriously disappeared over the South Pacific, what really unites the jet mystery with the Target breach is the topic of “alarm overload.” Numerous public safety incidents have, over the years, been linked to alarm systems that […]
It is not only individuals who are at risk from identity theft–U.S. businesses lose billions of dollars a year from it, as well. This problem can arise from a breach of your data at the hands of either a cyber-criminal or a disgruntled former employee. It doesn’t always end in cash being siphoned from your […]
This poster identifies and explains different ways cyber criminals can make money from a hacked computer. This helps ordinary computer users understand why they are a target and how they are worth money. This is an excellent resource to actively engage people in your awareness program. This poster is based on the original work of Brian […]
In a recent article (link) posted by Metropolitan Corporate Counsel, attorneys Luiz Diaz and David Crapo assess the costs associated with HIPAA breaches. Their analysis is based on a review of reports made since the 2009 Notification Rule went into effect. Since 2009, providers have paid almost $15 million dollars in notification costs for postage, […]
Based on a recent study at Carnegie Mellon University these are a few simple things that can make your passwords less vulnerable to brute force attacks: Place digits and symbols anywhere but at the end. Place uppercase characters anywhere but at the beginning. Multiple characters spread out in more than one location are associated with […]
Vendor-neutral security audits are an important way for companies to get a measure of their risks and the appropriateness of the controls they have instituted.
In a recent blog post, Dwayne Melancon, CTO of TripWire explored the notion of aligning the value provided by IT with the well known psychologic theory, “Maslow’s Hierarchy of Needs”. In Maslow’s paradigm he postulates that, as humans, we must cover the basics (breathing, food, water, procreation, sleep, critical bodily functions, etc.) before we can […]
In a recent article for BBC News, Professor Alan Woodward outlines the vulnerabilities imposed on cyber-security by weak security practices at smaller organizations. “They may not think they have any data worth stealing but even the smallest company can be custodian to information that represents hard cash to criminal gangs: credit card details, customers’ names […]
Two forces are shaping privacy and security in outsourcing: Companies’ increased use of outsourcing driven by the desire to achieve greater efficiency coupled with a rapidly evolving privacy and security environment. What your vendor partner does with your company’s data (or that of YOUR customers) and how it protects—or fails to protect—it can put your […]