5 Things You Should Know about PCI DSS Penetration Testing

The Payment Card Industry Data Security Standard (PCI DSS) was introduced to provide a minimum degree of security when it comes to handling customer card information. While the Standard has been around for over a decade, penetration testing has only recently been officially incorporated into the process. There’s a lot to cover in a PCI … Read More The post 5 Things You Should Know about PCI DSS Penetration Testing appeared first on The State of Security.

Women in Information Security: Candy Alexander

Last time, I had an excellent discussion with Keirsten Brager, a security engineer for a utility company. This time, I had the pleasure of speaking with Candy Alexander. She got into cybersecurity at least partly because of Kevin Mitnick. Kim Crawley: Please tell me about what you do. Candy Alexander: I am currently working as …

7 Things To Consider When Creating An Acceptable Use Policy

If you have read any of my posts or attended my webinars about security awareness, training, compliance, or other IT risk management items, you will notice a recurring theme: expecting technology to do all of the work in preventing a security or risk-related event is not the correct mindset. Rather, creating a culture of risk …

Insider Threat Hunting: What You Need to Know

Insider threat relates to malicious activity from an organization’s internal employees, contractors, or ex-employees who abuse access to the company’s internal systems and applications to compromise the confidentiality, integrity, or availability of critical information systems or data, with or without malicious intent. Insider threat includes IT sabotage, fraud, or theft of intellectual property. Insiders …

Is It Possible to Manage a Secure Business in the Cloud?

“Cloud computing” is not a buzz phrase anymore, but it is essential for most businesses looking to achieve sound business continuity alternatives combined with a comprehensive security model. Cloud Computing What is cloud computing, and what does it do? Very simply, for the end-user, a cloud computing experience is no different than using a desktop/laptop …

Anti-Honeypot – Repelling Attackers Using Fake Indicators

When you, your co-worker or family member are infected with the latest ransomware, it is the “successful” end of a multi-party complex venture. Cybercrime nowadays is not a single genius guy sitting in his parents’ garage – it’s an enterprise. It has the equivalents of CEO, CFO, COO, and CTO. As an example, you may …

New EU General Data Protection Regulation (GDPR): An IT Security View

The new EU General Data Protection Regulation (GDPR) is the biggest shake-up in privacy legislation and data management approach for many years. It will impact any organisation throughout the world that processes personal data relating to EU citizens. Organisations that breach the regulation can be fined up to four percent of their annual global turnover or …

Women in Information Security: Keirsten Brager

My interviews with women and non-males in cybersecurity here on The State of Security have been very popular. Last month, when I looked for subjects for the third “Women in Information Security” series, I got an overwhelming response! The first person I interviewed for this next wave of interviews was security engineer Keirsten Brager. We had …

The Most Egregious Data Breaches of the Last 4 Years

With the slew of massive data breaches in the news recently, like the HBO hacks or the Gmail phishing scam, many businesses may worry that they could be next. And while many breaches are easily preventable, many more are the result of complex, sophisticated cyber attacks that are hard to defend against. As more and …

Tick, Tock on NIST 800-171 Compliance

If you have contracts with the United States Department of Defense (DoD) or are a subcontractor to a prime contractor with DoD contracts, your organization has until December 31, 2017, to implement NIST SP 800-171. This is a requirement that is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. In the context of …