Security on information

My personal blog

Surprise! Users ignore security policies.

If users still don't understand their role in protecting information, and if they regularly perform actions that violate policy, what steps has management taken to change attitudes and habits?



Best Security Tools: Secunia PSI

Scanning desktop and laptop images to make sure all security patches are applied is not always easy, especially when applications from a variety of vendors are installed. Secunia PSI, a free download, can help.


Management's right to employee communication: There are limits

The courts have consistently upheld business rights to information stored on company-owned information assets, including email and other messaging media. There were limits, like restricting data retrieval to items actually related to business transactions or relevant to an ongoing investigation. Now, however, a U.S. Federal court has placed messages sent via contracted services within the scope of employee expectation of privacy.


Best Security Tools: Free online Web utilities

Have you ever needed to PING a host, trace a Web route, or see what information you're exposing to the Internet without having to reconfigure the security on your perimeter devices? Have you tired of having to call your managed security services provider to let them know it's you creating the anomalous behavior, not an attacker? Then maybe you should check out one of the free, online Web services providers.


Protect your email address from spammers, help digitize books

In addition to providing a free, downloadable CAPTCHA solution for Web developers, the site also offers a way to protect your contact email address used on your Web site.


Wrong problem, wrong solution: Sophos misstep on laptop security

I hope that in the future, Sophos representatives take a moment to understand business need and appropriate controls before making a broad statement about data usage.


DNS redirection hits home

DNS cache poisoning and redirection problems have been around for some time. However, most, if not all, ISPs and other DNS server providers have followed best practices to harden their domain name to IP address translation services. So, looking for a softer, more productive target (less cost when compared to return), cybercriminals are turning to SOHO DNS redirection.


How fast can YOU leak data?

Speed limitations might have hindered users or interlopers from copying large amounts of data to USB devices. But that hindrance is disappearing.


Insider threats: The pendulum swings

As the pendulum begins to swing toward the point where employees are perceived as innocent bystanders, we as security professionals need to slow its momentum with common sense.


Going green: Security opportunities and risks

When your organization starts talking about going green, the opportunity to change the way employees handle electronically stored information (ESI) presents itself. These opportunities are often driven by increased risk.


PayPal Plug-In: Secure one-time credit card payments at any site

I use PayPal whenever possible, securing my access with a password and a VIP token. But many sites I visit don't accept PayPal. Now, that's not a problem. I can enjoy the relative safety of a PayPal transaction on any site that takes MasterCard.


Preventing data breaches isn't just about stopping stuff coming in

For years, security professionals have been told to secure the perimeter, let no one or nothing enter without permission, detect and react to incoming attacks. This was a good start, but it falls short of a complete network security solution.


Participate in NIST document reviews

The U.S. National Institute of Standards and Technology regularly publishes documents that help security professionals protect critical data and systems. The value of these documents is enhanced when a large number of security analysts and engineers review and comment on drafts.


Best Security Tools: LinkScanner

My preliminary opinion is that LinkScanner is a great product for anyone who believes their software firewall could be breached by their activities on the Web. At $19.95, the price is right for anyone to add it as an additional layer of security. I'm implementing it just to see how many red warning windows I can generate during my normal day of security research.


SSO: It isn't just about security

Defining a clear SSO strategy, implementing MFA with a view to improved user experience and enhanced productivity, and reducing password-related frustrations accomplish three important objectives. First, the company realizes an ROI based on reduced downtime due to password management issues. Second, user frustration with technology constraints is mitigated (removed would be too much to hope for). And because the first two objectives are met, more time is available for the most important thing we do: provide the highest quality health care possible to our residents, our home care patients, and their families.