
Archive - November 2000
Public Cloud Security Concerns Remain after Recent Study
Public clouds have been greatly promoted as an approach for organizations to reduce information technology (IT) costs and increase technology flexibility and scalability. Cloud computing allows smaller organizations to employ IT services that would previously have been too expensive to implement due to high up-front infrastructure costs. Companies can implement IT solutions faster in a public cloud because they do not have to spend time creating and configuring the technology environment. Larger organizations, already familiar with remote computing operations, gain flexibility and scalability by utilizing cloud services or implementing private clouds to consolidate IT resources.
Risk Homeostasis: Is Risk Reduction a Pipe Dream?
How often do you speed? What is your investment strategy? Answers to questions like these could provide insight into an individual’s level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This level of risk acceptance applies to the use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate, causing an increase or decrease in risk-taking behavior.
Is Your TV a Security Risk? Embedded Devices May be the Next Target.
The latest televisions and Blu-ray players are being shipped with more than high-definition video and audio. Internet access and a host of new applications are being built in to run directly on these devices. A popular built-in feature is wireless access, which enables the user to avoid plugging in an Ethernet cable. Accessing the internet and your favorite apps directly from your TV is convenient. However, what security risk does this pose?
Stop Hoarding! Improve Security, Efficiency and the Bottom Line through an Effective Data Retention Policy
Organizations are accumulating data at a pace that would cause a hoarder to blush. Just like that old bicycle seat stored in the attic, data is often kept “just in case it may be needed someday.” This practice, however, comes at a cost.
Some organizations think that it is inexpensive to store data, especially with the steady decline in hard drive prices. The fact is, however, that data is expensive to keep. Organizations spend a significant portion of time managing, archiving and securing data. Data is housed on servers, each of which must be maintained. Data is also archived regularly according to the organization’s backup schedule, and it is audited and secured against loss. Each of these activities consumes time (i.e., increases cost) for those in information management.
Measuring Success with Security Metrics

Try to imagine a world without metrics. The temperature would only be “hot” instead of 95° or a project would be “in progress” instead of 75% complete. Metrics provide an effective way to keep track of vital information. They are particularly useful for identifying trends and measuring the progress of activities. When used effectively, security metrics provide a uniform way to make decisions and to measure progress in information security.
Information Security Compliance: ISO 27000
The last two articles on compliance have covered the Health Insurance Portability and Accountability Act (HIPAA), including the ramifications of that bill for healthcare providers and business associates, and the Payment Card Industry Data Security Standard (PCI-DSS), which provides guidelines for securely handling credit card and related personal data. This article outlines the ISO (International Organization for Standardization) 27000 and its benefits for organizations.
Defending Against DDoS (Distributed Denial-of-Service)
The site is down! These are haunting words for most businesses, and they lead to today’s topic: the DDoS (Distributed Denial-of-Service) attack. This particularly nasty type of attack attempts to disrupt the availability of systems by overwhelming servers, saturating bandwidth or using other techniques. Your business is most likely heavily reliant upon specific systems, and this article provides an overview of the DDoS attacks that could take these key systems down and of techniques for combating them.
Transferring Information Security Risk with Cyber Insurance

There are four ways of dealing with risk: avoid, mitigate, accept, or transfer. Avoiding a risk involves changing procedures or systems so that the risk no longer applies, such as removing old encryption protocols so that their risk is avoided. Risks are mitigated by implementing security controls. If the risk is within acceptable levels, it can be accepted. Lastly, risks can be transferred, primarily through insurance.
Preventing the data breach: A dozen steps to protect against data loss
Losing data can be tremendously devastating to a company. It could compromise security, information, and jobs. Today, we will look at twelve actions that a company can take to mitigate the risks of a data breach. These twelve steps (performing a risk analysis, asset identification and classification, attention to detail, encryption, social networking, compliance, management of personnel, least privilege, solution diversity, tracking mobile devices, data destruction and testing) are essential to a company’s security program.













