Ron Lepofsky
Data Loss Prevention: Less Flip this Week
Last week I discussed Data Loss Prevention as a solution in search of a problem. This week I’ll reduce the level of flip and review more detail deliverables of DLP solutions and some DLP vendors.Data leakage prevention technology...
Data Loss Prevention: Solution in Search of a Problem?
Data loss prevention technology sounds like a no-brainer from the get-go. DLP technology tells us when confidential data is in danger of compromise or when users’ behaviour may lead to the threat of compromise.Pro-active DLP products...
Debriefing: NERC CIP 011
A few weeks ago I wrote about the anticipated positive aspects of NERC CIP 011. I received comments and questions about timing of approval and implementation, as well as a request to briefly clarify the intent of the current...
Phase II: Why have I not yet implemented File Integrity Management (FIM)?
Last blog I ran out of time and space. This blog covers how FIM works and where to search for vendors that provide related tools.Here’s how File Integrity Monitoring works. The files of interest are scanned initially to create a...
Why have I not yet implemented File Integrity Management (FIM)?
If you have not yet deployed FIM perhaps now is a good time to ask “why not”.If your organization is now addressing data loss prevention (DLP) by minimizing the risk of damage by malicious code and by enforcing strict access controls...
Do you know about Heavyweight NERC CIP 011-1?
Electrical utilities are already challenged with the process of becoming certified for compliance with the NERC CIP standard for IT security.The NERC CIP standard is evolving, thank goodness. Perhaps you haven’t noticed the innocuous...
Land mines, application audits: Is your audit scope correct?
Doing an application audit is like looking for land mines. If you want to find all the land mines, you have to search every single square inch of real estate you want to ensure is mine-free. Otherwise, what’s the point of looking for...
Intrusion Detection: Why do I need IDS, IPS, or HIDS?
Intrusion detection technology presents a confusing array of acronyms, abstract concepts, and hazy deliverables. This exacerbates the difficult situation for executives who are asked to pay for these security goodies.In a nutshell...
What’s the threat? Smart Grid or Dazed Defenders
The Government Accountability Office recently warned that the quick uptake of smart grid infrastructure is likely to result in more cyber attacks. I think what they actually mean is lots of destruction and damage as the result of new...
Click jacking for Pain and Profit
Click jacking is headline grabbing again as Google released the latest version of its Android mobile operating system on Dec 6. Google has added security features that (they say) will harden Android to click jacking attacks. Click...
What’s your Pain Threshold for Mobile Phone Identity Theft?
The FBI's Internet Crime Complaint Center (IC3) recently published a warning about Smishing and Vishing. These mobile phone threats are variations of phishing, but smishing uses SMS texts to initiate the scam, while vishing uses...