Archive - November 2000
Preventing the data breach: A dozen steps to protect against data loss
Losing data can be tremendously devastating to a company. It could compromise security, information, and jobs. Today, we will look at twelve actions that a company can take to mitigate the risks of a data breach. These twelve steps, performing a risk analysis, asset identification and classification, attention to detail, encryption, social networking, compliance, management of personnel, least privilege, solution diversity, tracking mobile devices, data destruction and testing are essential to helping a company’s security program.
Security and Compliance Synergies with DLP and SIEM
Data Loss Prevention (DLP) can greatly help organizations understand and control the data that is used, stored and transmitted and it is seeing increasing use in PCI-DSS compliance. Another technology, Security Information and Event Management (SIEM), collects and analyzes data in real time from multiple sources including server logs, network devices, firewalls and intrusion detection systems. In this article, we will enumerate how the combination of SIEM and DLP can improve the security and compliance of a corporation. Taken together SIEM and DLP can work so that data flow within a corporation is transparent, therefore, affording more control to the corporation and less ability to misuse that information.
iPad in the Enterprise: What is the Risk?
“Thinner. Lighter. Faster. Facetime. ” That is the catchphrase from the Apple page dedicated to the iPad. While Apple is known for its pithy titles for their amazing products, there is one thing that is oft ignored, but always important, and that is security. More and more people are adopting the iPad and some are using it to access business data but how can they do that securely? This article outlines the risk of using the iPad in the enterprise and some dos and don’ts for iPad security.
Consider this office scenario surrounding the iPad. The iPad 2 is just released and an executive is interested in one. Soon, with the help of a few tech savvy people in the office, he is connecting to the corporate network and accessing company data and systems. The thought of security never entered his mind. What can be done to protect this company from data loss?
Does One Bad App Spoil the Bunch?
Eric Vanderburg
Smartphones are replacing traditional phones. These handheld devices offer users more than just the ability to make calls; smartphones such as the iPhone, Google Android, or Blackberry let owners browse the Internet, check email, and run applications. In many ways, the modern smartphone is a merger of the computer and the phone into one small pocket sized device delivering information to you anytime, anywhere. But what else is your smartphone up to? With all its similarities to the PC, smartphones also share one of the PC’s less desired attributes…malware.
All three vendors, Google, Apple, and RIM maintain a directory of applications, or apps, allowing developers to publish applications to a directory for downloading. Some of those applications contained malicious code allowing phones to be converted into “zombies” for launching attacks or giving attackers access to data on smartphones such as contacts, emails, attachments, browsing history, or passwords. Some applications made calls to 900 numbers or premium texting services that you could be billed for. Both Google and Apple have identified and removed malicious apps from their directory and Google has implemented measures to remotely remove malicious apps from users’ phones. However, even this fact is disturbing because it demonstrates that Google has backdoor access to the Android phone. This system that today is used to remove malware, could one day be used to deploy it. Read More
