Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for February, 2012


Microsoft Patch Tuesday – February 2012

Ahh Valentine’s Day. Time to leave work early, buy a box of chocolates for your loved one, and fight through the crowds for a table at your favorite restaurant. Or, if you happen to be gainfully employed in IT security, time to spend the evening at work with your coworkers, patching servers and drinking a…

Post by Chris Silva February 14, 2012
dod logo

Capping Insider Leaks

Capping insider leaks is a top priority for the U.S. intelligence community – so much so that a “national insider threat policy” will soon be enforced. A Presidential Directive has already been issued ordering all departments and agencies to open an Insider Threat Program Management Office (PMO). Yet while the government is ordering directives on…

Post by Peter McCalister February 14, 2012

DLP, Insider Threats, File Auditing and Reporting

The growth of the cloud, virtualization and the consumerization of IT continue to provide companies and end users with more flexibility. However, they also raise some challenges for IT departments. One such challenge that is commonly discussed is data loss prevention (DLP), or the ability to identify, monitor and protect sensitive corporate information.  While some…

Post by Morgan Holm February 13, 2012
, , , , , , ,

Don’t Ask, Don’t Tell!

Nope this is not a blog about sexual preference in the military. Nor is it a blog about what happened in Vegas during the last tradeshow you attended. It is a scary observation regarding what to do in the aftermath of a breach. A recent article titled “IT Pros Believe Data Breach Harm Assessment Is…

Post by Peter McCalister February 13, 2012
Win 7 logo

Beware The Risk Of The Vulnerable Corporate Desktop

Anyone who has spent any time at all in the cyber-security space knows that hackers and creators of malware don’t rest for an instant. The harder the IT security world works to stay ahead of the cyber-criminals (or, more accurately, to keep pace or catch up to them), the faster increasingly sophisticated attacks burst into…

Post by Peter McCalister February 10, 2012
tale of least privilege

What The Dickens Can I Do To Secure My Servers?

“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness…” these opening words of A Tale of Two Cities (1859), a novel by Charles Dickens, have always stayed with me. While these words were written over 150 years ago they resonate…

Post by Peter McCalister February 9, 2012
Stones Cloud

Hey You Get Off Of My Cloud

Any Rolling Stones fans out there? Well I guess if you were singing along to this when it came out, then you didn’t know that you’d be a least privilege geek in 2012 either. Either way, as I was humming along to myself the other day I couldn’t help but think of the metaphor as…

Post by Peter McCalister February 8, 2012

And The Data Breaches Just Keep On Coming…

Recently two new data breaches were announced, one the result of an accidental misuse of privilege and the other the result of negligence by a third party vendor. First, the Department of Veterans Affairs announced it accidentally handed over the data of living veterans when complying with a Freedom of Information request from The…

Post by Peter McCalister February 7, 2012
villain trio

Who is To Blame When An Insider Breach Occurs?

As I’ve waded through the hundreds of published insider breaches from just the last two years, what was a clear recurring theme was that of the vagaries of human nature. Not meaning to wax poetic, but it was always an individual who misused their own, or some other insider’s, privileged access authorizations to IT systems…

Post by Peter McCalister February 6, 2012
Accidental Harm

But Users Aren’t That Savvy….NOT!

BeyondTrust has been doing Privilege Management for over 25 years. I’ve been with the company for over six of them. I’m constantly talking with people about the benefits of running their enterprise users as standard users, rather than administrative ones. Admin users are able to circumvent Group Policy or other security measures, such as installing…

Post by Peter McCalister February 2, 2012