InfoSec Risks, Threats, Vulnerabilities & Countermeasures

This article takes a closer look at infosec risks, threats, attacks, vulnerabilities and countermeasures (security controls). It distinguishes between these concepts and provides industry-standard definitions for each. It also explores four basic categories of security controls: preventive, reactive, detective and administrative. Finally, it examines the ‘Risks = Threats × Vulnerabilities × Impact’ formula from a critical [...]

Components of a Privacy Policy

Enterprise privacy policies and privacy programs are essential. While policies alone cannot prevent data breaches or misuse of personal information, they are a good step in ensuring transparency and privacy-friendly practices. A privacy policy should contain the following key components: notice; consumer choice; access and correction; security; and [...]

CIA Triad

The CIA triad is a well-known model in information security. It is applied in a variety of situations to identify problems or weaknesses and to select security solutions. It is an industry standard that information systems professionals should be familiar with.

What is the CIA Triad?

The CIA triad refers to an information security model made up of three components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security. To avoid confusion with the Central Intelligence Agency, the model is sometimes referred to as the AIC triad. A related model, PAIN, stands for privacy, availability/authentication, integrity and non-repudiation.

The three components [...]

ISO 27000 Series

The ISO (International Organization for Standardization) publishes international standards for the private sector. The ISO 27000 series covers information security management. Since October 2005, ISO has published six of these standards, with controls ranging from managing security systems to problem-solving methodology to [...]

FISMA: The Federal Information Security Management Act

The E-Government Act of 2002 introduced a large number of new regulations governing the use of electronic technologies by the U.S. Government. Title III of the Act, the Federal Information Security Management Act (FISMA), required all federal agencies to develop extensive information security [...]

UK's secret spies nix huge covert operation after loss of USB memory stick

Last week, the British Security Service and Secret Intelligence Service, better known as MI5 and MI6, showed exactly how expensive information security lapses really can be. Details unveiled last week show that MI6 scrapped a 2006 undercover drug raid operation in Colombia for fear that a lost USB stick containing details of covert agents and informants may have fallen into the wrong [...]

Hundreds of millions of private credit card records stolen from PCI card processor

Credit card payment processor Heartland Payment Systems announced this week that hundreds of millions of credit card transaction records were stolen last year. This latest hack far eclipses the 45 million TJX Companies records lost between 2004 and 2007. The stolen data includes names, credit/debit card numbers and expiration [...]

NY Police Sergeant admits making unauthorized accesses to the FBI's National Crime Information Center database

Last week, a NY Police Sergeant admitted he made unauthorized accesses to the FBI’s National Crime Information Center database in December [...]

Decade-old MD5 flaw will likely still result in numerous privacy breaches

It took over a decade, but two German researchers found an application for a flaw in the MD5 hash function, which is widely used throughout the Internet for [...]

Privacy and Messaging through Postini

Postini is Google’s 2007 acquisition for secure messaging and a direct competitor to IronPort. All of its offerings are delivered as Software as a Service (SaaS), matching Google’s overall technology strategy. It provides several services, including web security, anti-spam/anti-malware, mail filtering, and archiving with indexing. Its Data Leakage Prevention capabilities provide privacy protection through outbound communication filters. Additionally, there are management tools and continuity procedures appropriate for enterprise use.

Postini’s underlying technology stems from threat assessment and message parsing capabilities, developed over several years as a primary mail provider. There are two major patents, with a variety of [...]
