Category Archives: Data Protection

Communications Teams Get a Failing Grade Over Heartbleed

First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again. …

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized

Attack of the Month Video Blog Series: Network Layer Attacks In ICS

In the world of Industrial Control Systems (ICS), system outage or infiltration can result in system downtime, loss of productivity and loss of revenue, as well as loss of confidentiality, integrity and availability. Additionally, system outage or infiltration could possibly result in loss of life, often due to the critical nature of these devices. Together, lack of access to critical …

Posted in Data Protection, DDoS, Governance, Risk and Compliance, Network Security, Security Management, Uncategorized

Who Are Breach Disclosure Laws Meant to Protect? One Merchant Held up Notifications for More Than a Year at the Request of Federal Authorities

I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you might imagine, people …

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized

New DDoS Warning Issued – Banking Industry Beware

The Federal Financial Institutions Examination Council (FFIEC) today released advisory statements warning Financial Institutions of risks associated with cyber-attacks on ATMs, credit card authorization systems and the continued DDoS attacks against public-facing websites. It is encouraging to see continued awareness and general guidance coming from a credited authority on cyber threat protection. This advisory statement brings reinforcement to guidelines outlined …

Posted in Data Protection, DDoS, Governance, Risk and Compliance, Network Security, Uncategorized

Who Is Reading Your Email, and for What Purpose?

Thanks to the NSA, so much attention has been on the fact that the federal government is collecting metadata about our phone calls that we have taken our eyes off what’s happening on the email front. There have been a few stark reminders in the news recently that email isn’t private and we shouldn’t use it to transmit sensitive information. …

Posted in Data Protection, Security Threats, Uncategorized

National Cybersecurity Career Fair in June Will Connect Employers to Entry Level Cybersecurity Workers

Do you know anyone who is an aspiring cyber security professional? Here is some important information to pass along to help them get their career started. This is also big news if your organization is looking to recruit entry-level people for IT security positions. Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National Cybersecurity …

Posted in Application Security, Cloud Security, Data Protection, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized

Cybersecurity in the U.S. Healthcare System is in Critical Condition and Needs Intensive Care

Last fall my husband was visiting a relative in the hospital when he noticed an Ethernet port on the side of the bed. He asked the nurse what the hospital uses the port for. She explained that they occasionally connect patient-monitoring devices to the port on the bed to facilitate transmission of alerts to the nurses’ station. For example, if …

Posted in Application Security, Data Protection, Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized

Attack of the Month Video Blog Series: Application Layer DDoS Attacks

Happy Valentine’s Day everyone. For the LOVE of DDoS defense, I’m pleased to share with you another video blog, this time focused on Application Layer attacks. In today’s 5-minute session I will cover Application Layer attacks in more detail: What are these attacks? Why are they an emerging threat, or continue to be a successful attack tool? What is the …

Posted in Application Security, Data Protection, Network Security, Security Management, Security Threats, Uncategorized

What’s in that Refrigerator—Fish or Phish?

Well, here’s a switch. Usually televisions are bringing crap into our households. Now experts have learned that some smart TVs have been sending crap (in the form of spam) out of their owners’ houses. A recent press release from Proofpoint, Inc. details how the security service provider uncovered an Internet of Things (IoT) based cyberattack that utilized household “smart” appliances. …

Posted in Data Protection, Network Security, Security Threats, Uncategorized

Federal Investigators Warn Retailers: If You Have a POS System in Operation, You May be at Risk

Hang on to your credit cards and start checking your free credit reports: The latest news about retail breaches is not good. Numerous sources are now reporting that the recent Target and Neiman Marcus data breaches may be the tip of the cyber heist iceberg, and there are likely more related breaches that have not yet been announced. Writing in …

Posted in Data Protection, Security Management, Security Threats, Uncategorized