Encryption, a buzzword, not a silver bullet
Encryption, buzzword, not a silver bullet for protecting data on your servers. In order to determine how encryption fits into server data protection, consider 4 encryption components on the server side: passwords, tables, partitions and inter-tier socket communications. In these 4 components of a application / database server encryption policy, note that some countermeasures are […]
Ten steps to protecting your organization’s data
Here are 10 steps to protecting your organization’s privacy data and intellectual property. As a preface, begin with the understanding that you already have all the resources you need. Discussions with colleagues in a large forensics accounting firm that specialize in anti-fraud investigations, money laundering and anti-terror funding (ATF), confirm what I’ve suspected for a […]
The top 10 mistakes made by Linux developers
My colleague, Dr. Joel Isaacson talks about the top 10 mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world. The Little Engine That Could Copyright 2004 Joel Isaacson. This work is licensed under the Creative Commons Attribution License. I try to […]
Is network PVR the best direction for the big studios ?
The distribution of video over multicast-broadcast networks and content storage at by users with Windows PCs and PVRs has created a huge threat surface for digital content. Typical to flawed security countermeasures, HDCP and AACS exacerbate and enlarge the threat surface rather than enhance revenues and reduce risk. In this article we will show that […]
Will security turn into a B2B industry?
Information security is very much product driven and very much network perimeter security driven at that: firewalls, IPS, DLP, anti-virus, database firewalls, application firewalls, security information management systems and more. It is convenient for a customer to buy a product and feel “secure” but, as businesses become more and more interconnected, as cloud services […]
Offensive security
I have written several times in the past here, here and here about the notion of taking cyber security on the offensive James Anderson, president of Professional Assurance LLC, says that there is no evidence that governments can protect large firms from cyber attacks. “National security authorities may not even acknowledge that their interests align […]
Practical security management for startups
We normally associate the term “small business” or SME (small to medium sized enterprise) with commercial operations that buy and sell, manufacture products or provide services – lawyers, plumbers, accountants, web developers etc… However – there is an important class of small business operations that is often overlooked when it comes to information security and […]
The cloud concierge
The Israeli ISPs are really really bad. Just abysmal. It hurts me just to think about the level of customer service and data security incompetence that would make an Iraqi ISP running an operation in a store front beam with pride. I assume that we are not the only business to suffer from Netvision (and […]
The importance of data collection in a risk assessment
A risk assessment of a business always starts with data collection. The end objective is identifying and then implementing a corrective action plan that will improve data security in a cost-effective way, that is the right fit for the business. The question in any risk assessment is how do you get from point A (current […]
10 guidelines for a security audit
What exactly is the role of an information security auditor? In some cases, such as compliance by Level 1 and 2 merchants with PCI DSS 2.0, external audit is a condition to PCI DSS 2.0 compliance. In the case of ISO 27001, the audit process is a key to achieving ISO 27001 certification (unlike […]
