
InfoSec Blog
Find valuable news, tips, and guidance in information security.
Developing a Security Oriented Corporate Culture – white paper
Posted by: RHH | Posted on: May 23rd, 2012 | 0 Comments
JurInnov is pleased to announce the release of an important and timely white paper, “Developing a Security-Oriented Corporate Culture.” Organizations that do not develop a security-oriented corporate culture are risking fraud, loss or misuse of data, and even legal responsibility when information is compromised, according to the new white paper written by Eric Vanderburg of JurInnov.
Eric, Director of Information Systems and Security at JurInnov, wrote the white paper as a means of informing clients that corporate culture is a vital aspect of information security. Readers will benefit from his detailed analysis, which is available free online.
As the white paper makes clear, “the greatest security initiative may fail because of an incompatible corporate culture.”
Public Cloud Security Concerns Remain after Recent Study
Posted by: JurInnov | Posted on: May 3rd, 2012 | 0 Comments
Public clouds have been greatly promoted as an approach for organizations to reduce information technology (IT) costs and increase technology flexibility and scalability. Cloud computing allows smaller organizations to employ IT services that would previously have been too expensive to implement due to high up-front infrastructure costs. Companies can implement IT solutions faster in a public cloud because they do not have to spend time creating and configuring the technology environment. Larger organizations, already familiar with remote computing operations, gain flexibility and scalability by utilizing cloud services or implementing private clouds to consolidate IT resources.
Environmentally Conscious Security: Painting Information Security Green
Posted by: JurInnov | Posted on: February 16th, 2012 | 0 Comments
Historically, ecological concerns have been significant drivers for change. Topics ranging from global warming to protecting various species carry a strong emotional appeal, thus motivating business and personal change with the ultimate goal of protecting the environment. These environmental initiatives have been termed “green initiatives,” and they impact IT in the form of “green computing.” The popularity of green computing initiatives stems not only from environmental concerns but also from financial ones. A primary goal of many green computing initiatives is to reduce power consumption, as this has a direct impact on the bottom line.
A Certified Lack of Confidence: The Threat of Rogue Certificate Authorities
Posted by: Eric Vanderburg | Posted on: February 9th, 2012 | 0 Comments

For more than a decade, computer-generated digital certificates have made it possible to authenticate the identity of computer systems, data, and web sites by connecting a public key with an identity such as an owner’s name. The process relies on trust. “Secure” websites utilize such a certificate to validate their identity. This digital certificate is usually procured from a company that will verify the identity of the company administering the site. The digital certificate issued to them will be validated by a trusted root certificate authority or by a server that is trusted by the trusted root. This chain of certificates is called a certificate hierarchy. A small group of trusted certificate authorities is installed on computers within the operating system. These authorities include such names as Equifax, VeriSign and Thawte. So what happens when the system breaks down?
Risk Homeostasis: Is Risk Reduction a Pipe Dream?
Posted by: JurInnov | Posted on: February 3rd, 2012 | 0 Comments
How often do you speed? What is your investment strategy? Answers to questions like these could provide insight into an individual’s level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This level of risk acceptance is applicable to the use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate, causing an increase or decrease in risk-taking behavior.
Is Your TV a Security Risk? Embedded Devices May be the Next Target.
Posted by: JurInnov | Posted on: January 26th, 2012 | 1 Comments
The latest televisions and Blu-ray players are being shipped with more than high definition video and audio. Internet access and a host of new applications are being built in to run directly on these devices. A popular built-in feature is wireless access, which enables the user to avoid plugging in an Ethernet cable. Accessing the internet and your favorite apps directly from your TV is convenient. However, what security risk does this pose?
Stop Hoarding! Improve Security, Efficiency and the Bottom Line through an Effective Data Retention Policy
Posted by: JurInnov | Posted on: January 19th, 2012 | 0 Comments
Organizations are accumulating data at a pace that would cause a hoarder to blush. Just like that old bicycle seat stored in the attic, data is often kept “just in case it may be needed someday.” This practice, however, comes at a cost.
Some organizations think that it is inexpensive to store data, especially with the steady decline in hard drive prices. The fact is, however, that data is expensive to keep. Organizations spend a significant portion of time managing, archiving and securing data. Data is housed on servers, each of which must be maintained. Data is also archived regularly according to the organization’s backup schedule, and it is audited and secured against loss. Each of these activities consumes time (i.e., increases cost) for those in information management.
Measuring Success with Security Metrics
Posted by: Eric Vanderburg | Posted on: December 14th, 2011 | 2 Comments

Try to imagine a world without metrics. The temperature would only be “hot” instead of 95° or a project would be “in progress” instead of 75% complete. Metrics provide an effective way to keep track of vital information. They are particularly useful for identifying trends and measuring the progress of activities. When used effectively, security metrics provide a uniform way to make decisions and to measure progress in information security.
Information Security Compliance: ISO 27000
Posted by: Eric Vanderburg | Posted on: December 7th, 2011 | 0 Comments
The last two articles on compliance have covered the Health Insurance Portability and Accountability Act (HIPAA), including the ramifications of that bill on healthcare providers and business associates, and the Payment Card Industry Data Security Standard (PCI-DSS), which provides guidelines for securely handling credit card and related personal data. This article outlines ISO (International Organization for Standardization) 27000 and its benefits for organizations.
Defending Against DDOS (Distributed Denial-of-Service)
Posted by: JurInnov | Posted on: December 1st, 2011 | 0 Comments
The site is down! These are haunting words for most businesses, and they lead to today’s topic: the DDoS (Distributed Denial-of-Service) attack. This particularly nasty type of attack attempts to disrupt the availability of systems by overwhelming servers, saturating bandwidth or using other techniques. Your business is most likely heavily reliant upon specific systems, and this article provides an overview of the DDoS attack that could potentially take these key systems down and of techniques for combating it.













