
Archive - November 2000
Risk Homeostasis: Is Risk Reduction a Pipe Dream?
How often do you speed? What is your investment strategy? Answers to questions like these could provide insight into an individual’s level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This level of risk acceptance applies to the use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate, causing an increase or decrease in risk-taking behavior.
Information Security Compliance: ISO 27000
The last two articles on compliance covered the Health Insurance Portability and Accountability Act (HIPAA) and the ramifications of that bill for healthcare providers and business associates, and the Payment Card Industry Data Security Standard (PCI-DSS), which provides guidelines for securely handling credit card and related personal data. This article outlines ISO (International Organization for Standardization) 27000 and its benefits for organizations.
Paranoid, Skeptical, Cheater Wanted for Security Position: Compensation Commensurate with Experience

As you laugh at my title, anticipating several paragraphs of satire, think about what I’ve just said because I’m actually serious…to a degree. These traits, mostly viewed in a negative light, can also be harnessed to deliver better security solutions. Just remember that little trick of moderation. Observe.
Cisco Access Controls and Security
Many organizations use Cisco devices to interconnect, protect, filter, and manage networks, so it is important to understand ways to improve the security of these devices as part of your information security program. This article discusses three basic access controls you can implement on any Cisco device. These access controls are intended for those who are new to Cisco, so if you are a Cisco veteran, please peruse some of our more advanced articles on Cisco and information security.
Understanding Data Loss Prevention (DLP)
Eric Vanderburg

Data Loss Prevention (DLP) is one of those terms that is often mentioned but less often defined. The term can be as ambiguous as its scope, which can be both large and small. So what is DLP and why does it matter?
Data Loss Prevention (DLP) is an effort to reduce the risk of sensitive data being exposed to unauthorized persons. Data is extremely valuable to organizations. Just think of trade secrets, financial information, research data, health information, personal information, source code or credit card numbers and you begin to understand both the value this data holds for the organization and the threat its unauthorized disclosure would pose to a company. Data loss prevention focuses on this threat by enacting controls to limit access to and distribution of data. DLP still establishes controls to restrict outsiders, but it has a major focus on controlling the usage of data within the organization.










