Context Aware Security: Is It Time for Your Organization to Implement this Approach in Protecting Its Assets?

Has your organization adopted a “context aware” IT security model? Perhaps it has adopted a single-password model of IT security, and if it has done so, then as members of your organization’s information and network security team, it is your responsibility to at least consider the benefits of moving beyond the IT security equivalent of “putting all your eggs in one basket” to an IT security model smart enough to add context to a security event. As Leon Ward states in a recently posted article, “…context aware security is the use of situational information (such as identity, …

Red Teaming Course Now Offered by Watermark Institute

Amy E. Hutchens, CCEP, General Counsel, Vice President Compliance & Ethics Services at Watermark Risk Management International, LLC, and a contributing writer to this website, has brought to our staff’s attention a valuable disaster preparedness resource stemming from the recent launch of “Red Teaming” courses now offered by the Watermark Institute, led by its director, Dr. Mark Mateski. Red Teaming: According to the “Red Team Journal” publication, red teaming is the practice of viewing a problem from an adversarial, competitive, or contrarian point of view. Red teams seek to …

Mobile Device Threats in Corporate Environments are Real and Costly

While few risk management teams would fail to recognize the growing potential for information security threats involved in mobile devices, the fact remains that a lack of integrated mobile security is continuing to cost companies in terms of everything from lost productivity to lost data. Cyber criminals also continue to target mobile workers as easy potential access portals to a company’s backend IT infrastructure. As a result, many organizational security risk management teams can argue that their company might need to supplement its integrated mobile defense program with a coherent …

Security Industry — New ASIS Report Assesses the State of the U.S. Security Industry

By: Ben J. Carnevale, Managing Editor. An increasingly challenging security (physical and IT) related threat environment for U.S. businesses remains a major topic for all security management teams in companies throughout the country. And a failure to align senior management's strategic thinking with those threats still too often leaves those teams under-funded and without the critical support needed for achieving their objectives. To shed some light on this critical issue and perhaps give some needed information to help in security management team presentations to upper …

Free Cyber Security Awareness and Training Courses Offered by DHS/FEMA Partnership with Texas A&M University.

Just recently, our staff was made aware of a program offering free cyber security related training and awareness courses. These courses are funded by DHS/FEMA in cooperation with the Texas A&M Engineering Extension Service (TEEX). The objective of this DHS/FEMA partnership is to ensure that cyber space is supported by secure and resilient infrastructure(s), delivering open communications, information and prosperity while protecting privacy and confidentiality. These courses are offered at no cost and students can earn a TEEX certification of completion and Continuing Education …

IT Security Threats and Attacks Quantified by New Ponemon Institute Report

A new report, entitled “First Annual Cost of Failed Trust Report: Threats and Attacks”, has just been released. This report presents research from the Ponemon Institute and was underwritten by Venafi. The objective of this report is to provide the first extensive examination of how failure to control trust (in IT security keys and certificates) in the face of new and evolving threats is placing all global enterprises at risk. Every business and government relies on cryptographic keys and certificates to provide trust for critical electronic communications. These technologies …

Wireless Network Security Tested in a Unique Way

Wireless network security levels were tested recently in Edinburgh, Scotland, by a cyclist who “war-biked” around the capital trying to find unsecured wireless networks which could be exploited by hackers. Security expert James Lyne utilized a bike equipped with dynamos and solar panels to power a computer which scans for wireless networks that have poor or no security. As our readers well know, hackers can join wireless networks and then become totally capable of directly attacking the computers and other devices on them to steal money or information. They can also track which websites you …

E-Discovery Newsletter of Notable Cases and Events

In its ongoing effort to provide current and relevant updates regarding developments in the field of e-discovery, our staff would like to recommend a reading of the Sidley Austin LLP firm's current newsletter written by its in-house “E-Discovery Task Force” group. This group from Sidley Austin LLP works to stay abreast of the shifting legal landscape surrounding e-discovery. The most current update addresses the following recent developments and court decisions involving e-discovery issues: 1. A Northern District of Illinois ruling sanctioning a defendant company for failing to …

ASQ Northern Virginia Section 0511 Meeting Announcement

The larger the organization, the more likely it is that there are written instructions about how things are done within that organization. This makes sure that nothing is left out and that everyone is clear about who needs to do what, when and how. When an organization systematizes how it does things, this is often known as a management system. With that thought in mind, it is not surprising to notice that ISO Management Systems are becoming increasingly popular with risk-based standards for Information Security, Service Management and Business Continuity. How do these standards (along …

Cyber Risk Management App Offers Help in Keeping Ahead of the Curve in a Rapidly Changing Cyber Threat Landscape

As one of the risk management options mentioned in an earlier cyber insurance related posting on this website, our staff would like to recommend the CyberEdge Mobile App for the iPad to cyber security risk management team members where you work. AIG “Cyber Risk Report 2013”: This CyberEdge Mobile App was developed by the American International Group, Inc. (AIG) in response to a recent AIG survey and report, where it was found that 80% of executives and brokers find it very difficult, if not sometimes nearly impossible, to keep pace with defending against and mitigating risk related to cyber …