Archive For: Compliance

Risk of using VNC in an Enterprise Environment

VNC is a protocol used by a number of products for remote viewing and control of devices.  I am also including services such as X11 in this discussion.  Ultimately, this includes any remote viewing software that is not native to an application that runs persistently on the end device. Identity Access Management Software like this, ... Read More
 

IaaS and the Shared Responsibility Model

  A note to vendors: Infrastructure as a Service (IaaS) != secure/compliant applications, it can, but doesn’t by default. Why are people putting their servers and applications in IaaS providers like AWS and Azure? They can get a cheap, fast and secured data center to host their servers/applications. But that doesn’t mean they get the ... Read More
 

NIST Guide for Cybersecurity Incident Recovery

NIST, National Institute for Standards and Technology, just released a new guide for incident response and recovery for a cyber security incident. What is a Cyber Security Incident? According to NIST Special Publication 800-61, Computer Security and Incident Handling Guide, an event is any observable occurrence in a system or network. Events include a user ... Read More
 

The Hitlist: Compliance

This post is focused on compliance and cyber security.  What we mean is if your organization is attempting to become compliant to an industry standard or regulation, these are things that will have to be considered and more than likely implemented across the board for things such as PCI-DSS, HIPAA, ISO27k, FISMA and more.  Here ... Read More
 

Study: Cost of Data Breaches Increasing

Cross posted from http://www.securit360.com/blog where I am a regular author. A study published by Ponemon Institute, and sponsored by IBM, purported that the average total cost of data breaches increased 15% in the last year to $3.5 million, or $145 per record containing protected information.  The study included participants from 314 companies in at least 10 ... Read More