Published: February 22nd, 2012
In my monthly piece over at TechNewsWorld, I have a few comments on what organizations can do to make sure that service providers toe the proverbial line when it comes to security.  From the article: Vetting a service provider’s capabilities when it comes to security is obviously a useful first step, particularly when confidential or critical data is in scope. However, sometimes the...
Published: February 16th, 2012
As you know, sometimes a few of my comments about cloud make their way over to the Savvis Blog for publication in that venue. This month, I have a few comments there about VM Sprawl and why security folks should care about it. It’s written about a lot from a performance angle in the industry press, but the disorganization of it is a huge security problem too. Anyway, I try to give a...
Published: February 13th, 2012
This year Ed and I have been asked to run the Application Security Tracks at the IANS Information Security Forums. In advance of the first Forum, to be held on March 20-21 in Washington, DC, we put together a podcast and a Q&A on application security and the topics we plan to cover. If you’re planning to attend any of the IANS Information Security Forums, or if you’re just interested...
Published: January 24th, 2012
As the second law of thermodynamics tells us, all things trend toward chaos and this is no less true with a virtual environment. Sprawl can have a real security impact, and it takes discipline and planning to control sprawl — discipline and planning that won’t occur without someone from the security team actively monitoring the problem and formulating strategies for how to address the...
Published: January 16th, 2012
[Excerpted from "Security Via HIPAA Compliance," a new report by Diana Kelley and Ed Moyle, posted on Dark Reading's Compliance Tech Center.] Healthcare compliance requirements can be a driver to improve your organization’s overall security. Here’s how: If your security organization is in the healthcare space, you inevitably are wrestling with the Healthcare Information...
Published: December 21st, 2011
So I have a few humble thoughts about free security tools over on the Savvis Blog that you as a cloud customer can use to fill in gaps that sometimes occur during a transition to a cloud environment.  I won’t reproduce the content here, but wanted to pass along the link. You can check it out on the Savvis blog at this link.  It’s entitled, “5 free security tools every cloud...
Published: December 20th, 2011
In interesting research news, there’s a paper out from Accuvant that attempts to compare the relative security merits of the “big three” browsers: Chrome, Firefox and Internet Exploder Explorer. It’s an interesting read, so I suggest checking it out. Now, I admit that I was skeptical when I first started reading it. Not only can the “which product is more secure...
Published: December 16th, 2011
In light of continued shenanigans in the CA community, apparently the CA/Browser Forum has put out some guidelines for certificates that are going to be trusted by default in various browsers. The document is here if you want to check it out. I get why the CAs want this. It’s important that people believe they’re taking action. It’s an entry-heavy, low-maintenance...
Published: December 14th, 2011
So if you recall, I received an inquiry the other day to take a bit further my post where I was quacking about credit unions. As a refresher, the gist of that discussion was that I found it to be somewhat lame that credit unions were complaining about how they have stringent technical controls whereas merchants don’t. My meta-point was that merchants (at least for card-based payments) have...
Published: December 14th, 2011
This month for eCommerce Times, I outline a few strategies for planning ahead of time for security resource dropoff during the holidays: The end of the year is one of the riskiest times for information security. Attack levels rise right at the time IT staff attendance typically takes a dip. Adjusting to this critical period isn’t easy, but collecting the right information now can help you...
