BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for August, 2011

Learning from the Ghosts of Data Breaches Past

Data breaches are unfortunately becoming a staple in the ever-changing world of information technology. As this environment continues to shift, it would be nice if malicious insiders and trouble-causing outsiders would shift right out of reality. This, however, is not a likely reality; therefore, we must carefully examine ways to mitigate the effects of these…

Post by Peter McCalister August 12, 2011

Microsoft Patch Tuesday – August 2011

True to form for the even months of 2011, Microsoft released thirteen security bulletins today. Of the most interest are MS11-057 (Internet Explorer) and MS11-058 (DNS Server). While it has become fairly commonplace for Microsoft to release an Internet Explorer patch every other month, this release also patches IE9 – the second time a critical…

Post by Chris Silva August 9, 2011

Cloud Security Fears an Exaggeration? We Think Not.

According to a recent Computerworld article, outgoing Federal CIO Vivek Kundra was quoted as saying that cloud security fears are being exaggerated. Let’s take a brief look at some of the top government cloud service providers approved by the General Services Administration and see how they have fared in security, just in terms of malicious insiders.

Post by Peter McCalister August 9, 2011

PCI-DSS And Least Privilege

The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of comprehensive requirements for enhancing payment account data security in an effort to thwart the theft of sensitive cardholder information. The core group of requirements is as follows:

Post by Peter McCalister August 8, 2011

Least Privilege Becoming a Matter of National Security

We’ve been saying for years that enterprises need to pay attention to the risk of insider threat. Managing privileged access to IT information is both a security best practice and a step in the right direction as far as productivity goes. Allowing employees and contractors to access information beyond what they need is both irresponsible and expensive, especially as more and more companies fall victim to breaches caused by supposed “trusted” insiders. It’s a very real IT threat, and one that must be addressed at every level. Especially by major utility facilities, as this special report by ABC points out.

Post by Peter McCalister August 5, 2011

Center for Digital Strategies And Securing The Perimeter Within

With our focus on managing the perimeter within, we think a lot about the role of human and organizational behavior as well as technology in managing the insider threat. So it was great to discover that the folks at the Center for Digital Strategies at the Tuck School of Business at Dartmouth College are doing a lot of great research on the human element of IT security.

Post by Peter McCalister August 4, 2011

Treat The Symptom Or Cure The Disease

When virus outbreaks, data thefts and other security breaches impact an organization’s computing systems, most will treat the symptoms instead of curing the disease. Treating the symptoms might include updating security software or policies, adding additional layers of security technology, and possibly locking down users so tightly that their productivity suffers.

Post by Peter McCalister August 3, 2011

Hacker Popularity Overshadows Insider Attacks

Anonymous and LulzSec attacks have been making a splash across news headlines this summer. It should come as no surprise that hacker attacks are far more publicized than insider attacks. In fact, according to the 2011 CyberSecurity Watch Survey conducted by CSO Magazine and Deloitte, 70 percent of insider incidents are handled internally without legal action.

Post by Peter McCalister August 2, 2011

3 Reasons POS Should Give A DAM

Just when you thought we exceeded our TLA (three letter acronym) quota for the year, up pops this idea for a blog based on a recent discussion with a national retailer, and I couldn’t resist the play on acronyms and the potential for multiple interpretations. But don’t let the TLAs scare you. This is actually a serious topic that does affect any of you who are responsible for compliance across remote sales locations.

Post by Peter McCalister August 1, 2011