- Welcome Guest
- Sign In
- Welcome Guest
- Sign In
It's December again, and it's a challenging time for information security organizations. It's challenging because while attacks become more prevalent during the holiday season in the form of spam and targeted malware, organizational security "readiness" paradoxically wanes at exactly the same time....
Everybody knows that the cloud -- in particular, the security of cloud deployments -- is a huge pain point industry-wide. And as is the case with any new endeavor with such broad-sweeping impact, there's no shortage of well-meaning advice about how to secure it. But I confess to finding much of t...
Organizations love false economies. It may not be an entirely conscious act on their part, but it's certainly the truth: Hang around any organization long enough, and you'll find at least one instance where it tries to save on doing A but winds up spending more on doing B in the process. Consider, ...
It's a myth that ostriches bury their heads when they spot danger. It sounds plausible, but in reality, they're just like us: In the face of imminent danger, they either run or attack. This makes sense when you stop to think about it. After all, one thing that seems almost painfully obvious is tha...
Over the past few decades, most IT shops have followed a somewhat similar trajectory: Starting from a centralized model, computing resources, much like the cosmological Big Bang, have exploded outwards to become ever-more-distributed and decentralized. This makes sense given market dynamics. Comput...
Let's face it: Social engineering -- attacking an organization through deception by "tricking" internal users into sharing inappropriate levels of access -- isn't a topic that comes up very much in most IT shops. This isn't because social engineering is ineffective or because organizations aren't s...
Is it just me, or does it seem like every day there's another breach to worry about? RSA, Epsilon, Sony, now Citibank -- it seems like a day doesn't go by where there isn't another high-profile breach in the news. It seems like everyone's getting hacked, and it seems like it's happening with incre...
Take a moment to visualize a physician traveling home in a cab from a long day. Stuck in traffic, our hypothetical physician sees this as the perfect time to catch up on email and or to do non-care-related administrative tasks. At the end of the cab ride, he or she puts the phone down to pay the d...
Information security pros working in the healthcare sector quite often experience a high degree of frustration and anxiety when it comes to the Security Rule's "addressable" implementation specifications. As any healthcare provider will tell you, the addressable requirements of the security rule te...
If you ever have a need to burn off some excess optimism, try taking a look through some of the statistics out there about success and failure rates for enterprise IT projects -- it's pretty ugly. Although specifics of statistic and survey data vary, studies have historically suggested failure ra...
Teamwork is important. We all know this to be the case whenever we do anything in a group involving other people. But arbitrary -- even directionless -- teamwork doesn't make success by itself, no matter what the motivational poster might tell you. There are different kinds of teamwork. Consider, ...
Have you ever found yourself paying the penalty for a rule you didn't even know you were breaking? Like getting a ticket for speeding when you didn't realize the speed limit had changed? Or paying a work-related travel expenses out of our own pocket because you didn't realize your firm's travel pol...
Skills develop with practice and repetition. It's true of anything, from playing the piano to driving a car. In any endeavor, the way to get better is to practice. Attempt the activity again and again, learning from mistakes made along the way. "Practice makes perfect" -- that's not a way we usual...
Well, it's November again. And in addition to gearing up for turkeys, pumpkin pie and football, those of us in IT know it's time to gear up for something else, something probably much less pleasant: our annual budget cycle. It's time once again for us to enter into days-long deliberation sessions ...
As we should probably realize by now, not all tasks are created equal -- especially when it comes to making mistakes. For most of the things we do -- from brushing our teeth to typing an email -- making a mistake is usually relatively innocuous. Sure, we might have to clean a bit of the toothpaste ...
A lot of folks have been making a big deal the past few days about Google employee David Barksdale. If you haven't caught the coverage, the fuss is centered around this one employee -- a mid-twenties "site reliability engineer" -- who (allegedly) inappropriately used his position of authority and c...
Imagine this situation: A coworker calls you in a panic. He's facing a fast-approaching deadline, and you are the only person who can help him succeed in getting some critical task done. This hypothetical coworker explains to you what he's working on and how it's critical to the success of the orga...
Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other i...
I don't mean the blind spot you get behind you when you're out on the road driving -- where you can't see a passing car in your rear-view mirror. Instead, I'm talking about something that's an aspect of human physiology: the "anatomical blind spot" -- a place inside your eye where the optic nerve r...
There's no shame in admitting that audits are hard. For those of us in IT, hearing the word "audit" probably brings up a groundswell of negative connotations and the corresponding aggravation and headache: We know from having lived through it that tech-heavy regulatory audits -- annual PCI assessme...
Loading ...
