Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.


Trust Alone Is Not Enough According To Survey

A BeyondTrust SWAT team recently passed out surveys and received over 111 responses, all to find out whether people trust their cloud vendors with their data. If you haven’t read it, we also participated in a great TechDebate with NetworkWorld that put the issue of cloud security to the test. We went…

Post by Peter McCalister January 16, 2012

Gangs Infiltrating Companies As Insiders To Steal Identities

It was only a matter of time before organized gangs would discover how easy it is for an insider to gain access to sensitive data and realize that if you can’t beat them, join them. A recent blog titled “NY ID Theft Ring Used Insiders, Gang Members” published by Brian Krebs highlights that “Authorities in…

Post by Peter McCalister January 13, 2012

Active Directory Bridge – A Path To PCI Compliance

What is an Active Directory Bridge and how does it help me with PCI compliance? What is an Active Directory Bridge? First, as Gartner discussed at the Gartner Identity and Access Management Summit, Active Directory doesn’t do everything. It is not optimized for UNIX, Linux or Mac OS X and it’s difficult to leverage the…

Post by Peter McCalister January 12, 2012

If I Duck My Head Under This Blankie, The Monsters Can’t Get Me

Remember when we were kids and we’d hear a strange noise from the other room, or the closet? Maybe it was after your parents finally let you watch that movie you promised wouldn’t give you nightmares. Back then nothing could get us, so long as we hid under our blankets. But we had to do…

Post by Peter McCalister January 11, 2012

Microsoft Patch Tuesday – January 2012

Before we get started on this month’s releases, just a quick reminder that Microsoft released an out-of-band (OOB) security bulletin (MS11-100) late last month. That brought their 2011 total to 100 bulletins – so much for keeping it in double digits. To start off the new year, today Microsoft released seven bulletins. Microsoft finally tamed…

Post by Chris Silva January 10, 2012

Healthcare Data Breaches Thanks To Insiders

A Ponemon Institute report published this month found that healthcare data breaches have risen 32 percent since 2010. Ninety-six percent of all healthcare providers say they have had at least one data breach in the last two years and that most of these were due to employee mistakes and sloppiness, while 46 percent of respondents…

Post by Peter McCalister January 10, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 5

DON’T COMMENT AT ALL – EVEN WHEN A GOVERNMENT WATCHDOG OUTS YOUR POOR PRACTICE MUCH LATER – Numerous UK Local Authorities up to Nov 2011 This strategy is used by organisations who know that trying to make an excuse for such widespread poor practice is like pouring petrol on a fire. Best to keep quiet…

Post by Peter McCalister January 9, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 4

WE’RE STILL INVESTIGATING HOW IT HAPPENED, IT’S TOO CONFIDENTIAL TO SAY MORE, BUT REST ASSURED EVERYTHING IS OK NOW. – The IMF, June 2011 This excuse is often used by organisations that decide to mop up media interest with an early announcement confirming investigations are underway (we’re taking this seriously) while reassuring people everything is…

Post by Peter McCalister January 6, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 3

BLAME IT ON A THIRD PARTY/MALWARE/THE WEATHER – Frequently throughout the year…. With so much outsourcing today, it’s easy to divert attention away from your role in allowing data to be breached, by focusing on the sloppy practices of third-party suppliers and contractors (while not saying of course that it was you who hired them…

Post by Peter McCalister January 5, 2012

Top 5 Data Breach Excuses Of 2011 (And What They Really Mean): Part 2

SHUT THE DOOR AFTER THE HORSE HAS BOLTED. High Point Regional Health System, USA, September 2011 This excuse allows the breached organization to sound authoritative by providing an answer to how the breach could have been prevented to the media and public, even if it is a solution they haven’t put into practice yet. Unfortunately,…

Post by Peter McCalister January 4, 2012