Watching the watchers
In this Security School lesson, expert Andreas explores how to monitor the activities of your most trusted insiders with a combination of policy, process and technology to keep unauthorized access and data loss to a minimum. Guide
-
Mass 201 CMR 17: Basics for security practitioners
Massachusetts data protection law 201 CMR 17 went into effect on March 1, 2010. Get an in-depth look at the requirements of this law, and find out what needs to be done to become compliant with the law. Learning Guide
-
Quiz: Data loss prevention
Take this five-question quiz to test your knowledge of Rich Mogull's data loss prevention material. Quiz
-
More from SearchSecurity.com -- May 2007
Online content from the May 2007 edition of Information Security magazine, examining best practices for the protection of sensitive information. Monthly Magazine Highlights
-
Database defenses for a new era of threats
All too often, precious corporate databases containing customer records and other sensitive data are forgotten or ignored. This lesson offers an overview of the basic tools needed to secure a company's databases against today's emerging and most dang... Part of Guide Series
-
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage" published by ... Book Chapter
-
Information theft and cryptographic attacks
The third tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by R... Book Chapter
-
Policies and regulatory compliance
An overview of the type of policies needed for regulatory compliance. Information Security magazine
-
More from SearchSecurity -- April 2006
Highlights from this month's issue of Information Security magazine. Monthly Magazine Highlights
-
Elements of a data protection strategy
In this excerpt from Data Protection and Lifecycle Management, Tom Petrocelli addresses the importance of securing data for regulatory compliance and outlines the five components of a data protection strategy. Book Excerpt
- See More: Essential Knowledge on Identity Theft and Data Security Breaches
-
South Carolina breach affects millions
Millions of Social Security numbers and thousands of credit and debit cards were exposed after an attacker penetrated a state agency server. News | 29 Oct 2012
-
Report details insider threats, but enterprises can respond, says expert
Scott Crawford, a research director at Enterprise Management Associates, explains how some enterprises address the risk of a trusted insider turned rogue. News | 24 Oct 2012
-
Verizon DBIR: Identify insider threat warning signs, safeguard IP
Trusted insiders often play a role in IP theft, according to a new report. Spot the warning signs and apply the right data protection, say experts. News | 24 Oct 2012
-
Verizon DBIR analysis finds intellectual property theft takes years to detect
Intellectual property theft often involves collusion between attackers and malicious insiders, according to a study of 85 breaches conducted by Verizon. News | 23 Oct 2012
-
Scope of Dropbox security breach is undetermined
Dropbox spokesman says investigation is ongoing after attackers gained access to an employee account leaking user email addresses. News | 01 Aug 2012
-
FBI undercover operation leads to huge online credit card fraud sting
Twenty-four people arrested across eight countries in international cybercrime takedown. News | 26 Jun 2012
-
Password database inventory required following LinkedIn breach
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert. News | 25 Jun 2012
-
Global Payments processor breach expands, merchant data exposed
The processor said its breach did not exceed 1.5 million cards, but added that the personal data provided by merchant applications was also exposed. News | 14 Jun 2012
-
GlobalPayments breach update explains scope of lapse
The payment processor breach is believed to be under 1.5 million credit cards, but the company indicated on Tuesday that banks are issuing a “wide net to protect customers.” News | 02 May 2012
-
Anonymous hacking group member pleads ‘not guilty’ in police website attack
An Ohio man reportedly associated with Anonymous pleaded not guilty on Monday to charges of hacking two Utah police websites. News | 18 Apr 2012
- See More: News on Identity Theft and Data Security Breaches
-
Diagram outside firm role early in security incident response process
Expert Nick Lewis provides criteria for selecting outside incident response firms and how to define security incident response process needs early on. Tip
-
NSTIC identity plan: Can identity brokers stop Internet identity theft?
The new NSTIC identity proposal would have identity brokers handling enterprise merchant customer authentication. But can it work? Tip
-
Hacktivism examples: What companies can learn from the HBGary attack
A few simple security best practices may have spared security company HBGary Federal from the recent attack by the hacktivist group Anonymous. Nick Lewis explains what happened and how to prevent such an attack against your company. Tip
-
Data breach procedures to stop Gawker-type Web password security leaks
Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the first place. Tip
-
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan. Tip
-
How to prevent iPhone spying: Mobile phone management tips
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your sight. Michael Cobb explains why iPhone spying still isn't out of the question. Tip
-
An inside look at security log management forensics investigations
David Strom provides some examples of log data that provided key clues to enterprise data breaches. Tip
-
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this expert... Tip
-
The 'appropriate' way to comply with Data Protection Act 1998
The U.K. Data Protection Act is 10 years old, but the evidence shows that many organisations are still not up to standard when it comes to the seventh data security principle: using "appropriate and adequate security measures" to protect personal dat... Tip
-
Web 2.0 and e-discovery: Risks and countermeasures
Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especially when litigation calls for electronic discovery o... Tip
- See More: Tips on Identity Theft and Data Security Breaches
-
Verizon DBIR 2012: On Web app security, basics still lacking
Expert Michael Cobb analyzes takeaways from the Verizon DBIR 2012 report regarding Web app security and the need for more basic security measures. Answer
-
PCI DSS lessons learned from Global Payments data breach
Expert Nick Lewis discusses the Global Payments data breach, focusing on lessons to be learned for PCI DSS-compliant enterprises. Answer
-
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman. Ask the Expert
-
What are best practices for secure password distribution after a data breach?
After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM exp... Ask the Expert
-
Is insider activity or outsider activity a bigger enterprise threat?
According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spending too much time worrying about insiders? Security... Ask the Expert
-
Are Internet cafe users' email credentials at risk?
Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands. Ask the Expert
-
Is it possible to delete search data from a search engine's servers?
Search engine history can be very sensitive, and can be used against the searcher if it falls into the wrong hands. Security threats expert Ed Skoudis addresses the possibility of deleting search history from a search engine's servers. Ask the Expert
-
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Ask the Expert
-
What are the roles of a liaison officer?
Security incident response is one of the main duties of a liaison officer. Security management expert Mike Rothman explains. Ask the Expert
-
Why are there still various independent credit card security standards?
PCI DSS has become the well-known information security standard for credit cards, but vendors can still have different approaches to card data security. Ask the Expert
- See More: Expert Advice on Identity Theft and Data Security Breaches
-
targeted attack
A targeted attack is one that seeks to breach the security measures of a specific individual or organization. Usually the initial attack is conducted to gain access to a computer or network and is followed by a further exploit designed to cause harm ... Definition
-
industrial espionage
Industrial espionage is the covert and sometimes illegal practice of investigating competitors, usually to gain a business advantage. Definition
-
pretexting
Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage. A pretext is a false motive. Definition
-
parameter tampering
Parameter tampering is a form of Web-based attack in which certain parameters in the Uniform Resource Locator (URL) or in Web page form field data entered by a user are changed without that user's authorization... (Continued) Definition
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Definition
-
bot worm
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers. A bot worm may be created with the ultimate intention of creating a botnet that ... Definition
-
data breach
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable ... Definition
-
identity theft
According to the Identity Theft Resource Center, identity theft is a crime in which an imposter obtains key pieces of personal information, such as a Social Security number, to impersonate someone else... (Continued) Definition
-
extrusion prevention
Extrusion prevention is the practice of stopping data leakage by filtering outbound network traffic. Extrusion prevention protects sensitive digital assets from unauthorized transfer by stopping the movement of packets across the network. Extrusio... Definition
-
CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard)
CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.... Definition
- See More: Definitions on Identity Theft and Data Security Breaches
-
Debating international cyberespionage, poor secure coding practices
Corey Schou explains why cyberespionage and corporate intelligence are linked; also, why attackers aren't to blame for insecure coding practices. Video
-
Holistic security for database-centric applications
In this exclusive video presentation, Nemertes Research Senior Vice President and Founding Partner Andreas Antonopoulos provides an executive overview of the security issues of securing database-centric applications and the key tactics essential to s... Video
-
Video: PCI liability, HIPAA enforcement rule, breach notification laws
Attorney David Navetta discusses why PCI liability matters to card brands, the effect of the HIPAA enforcement rule and breach notification laws. Video
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure. Podcast
-
Podcast: Data breaches highlight systemic failures
The editorial team discusses the RSA SecurID breach, Epsilon’s massive email breach and the Briar Group’s credit card data loss settlement. Serious blunders led to each breach. Podcast
-
Video: Inside the Verizon Data Breach Investigations Report 2011
Verizon's Wade Baker previews the 2011 Verizon Breach Investigations Report and shares surprising insight from the 2010 report on tactics that do and don't help prevent breaches. Video
-
Fact or fiction: Inside extrusion detection and prevention technology
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing ne... Podcast
-
Courts turn aside data breach suits
Class action suits based on data breaches have failed without exception. But, companies still face heavy sanctions and have settled in most cases rather than risk losing in court. Video
-
Security incident response 101
Even the best procedures fail to overcome the stresses in the initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well coordinated response. Video
-
The challenges of incident response plans and procedures
Mandiant's Kevin Mandia reviews his top five incident response challenges. Video
- See More: Multimedia on Identity Theft and Data Security Breaches
- See More: All on Identity Theft and Data Security Breaches
About Identity Theft and Data Security Breaches
Get advice on data security, identity theft and information security breaches. Learn about corporate data breach laws and legislation, state disclosure laws including Calif. SB-1386, notification requirements and legal ramifications of data breaches, and how to prevent hackers from stealing credit card data and social security numbers.