Compliance

Over the last few months, organizations' employees have embraced BYOD practices, CIOs have become concerned about the security issues, lawyers have given their advice, and MDM vendors have taken their message to the companies. But while CIOs try to come up with the best solution to police this prac...
Banks face a difficult tug-of-war every day. Consumers demand innovative new services – regulators demand security, compliance and soundness of all offerings. How can a bank resist being pulled in every direction and find a middle ground? Banks can look to startup technology companies...
Recording and maintaining good evidence of testing is growing more important all the time. The ability to document what actually happened during the development of hardware or software is vital in many industries. Medical equipment is a great example, as any failure could lead to unexp...
Finansbank in Istanbul has developed an impressive record of managed risk and deployments, with an eye to greater automation over time. Governance, risk management and compliance (GRC) form a top-tier of requirements for banks anywhere in the world as they create and deploy applicatio...
I was at the Velocity Conference in London last week. Of course, fish & chips is still a must eat, a double-decker is far more than a bus, and pea shooting is, as always, so… British! But away from these classic London cultural elements, at Velocity I heard more and more about perform...
The killer in any IT operation is unplanned work. Unplanned work may go by many names: firefighting, war rooms, Sev 1 incidents. The bottom line is that Operations must stop whatever planned work it was doing to manage this drill. This means little or no normal work is being accomplish...
Imagine you work at a company preparing to issue its quarterly earnings report. The phone rings. It’s bad news. A coworker has discovered that a former employee has been logging into the company’s network for months. It’s unclear whether the former employee has used this illicit access...
The convergence of market transitions, ranging from collaboration and video to virtualization and cloud-based services, is fundamentally changing the way customers acquire and use technology. As new advanced services and products are introduced, organizations that strengthen their com...
Sharing personal information is central to the way people live, work and do business with each other today. And it’s only going to become more so, as the Identity Economy emerges to establish a new paradigm for commercial interactions. This raises a number of interesting questions and ...
Associated Surgeons and Physicians, LLC in Indiana went from zero to 100 percent virtualized infrastructure and as a result, met many compliance and efficiency goals. In part one of a two-part interview series, we discuss how a mid-market health services provider rapidly adopted serve...
Big Data – a large amount of information that comes in a variety of forms and constantly changes – has generated a significant amount of buzz in the business world, mostly around the implications for marketing. But there’s little attention paid to its potential impact on risk managemen...
Identity management just isn’t what it used to be. Gone are the days when knowing who had access to what was simply enough. In today’s world of increasing government and industry regulation; networked communications and collaboration; and pervasive mobility, the requirements have funda...
While recently researching a known threat group within ThreatConnect.com, we identified several interesting observables associated with targets of a single Chinese-based Advanced Persistent Threat (APT) group. Over the course of seven days, we watched the adversary tailor their comman...
Evolving regulatory compliance requirements can be a major headache for the IT teams responsible for identity and access management (IAM). Sarbanes Oxley, the wide range of privacy regulations and other federal requirements, have transformed IAM from a problem that keeps the chief info...
Designing and implementing a hybrid encryption application is a big challenge but without a supporting infrastructure it’s almost impossible. There are open source libraries that allow you to encrypt a file but only provide the translation technique. After the information has been encr...
With Cloud Expo 2012 Silicon Valley (11th Cloud Expo) due to open in just under three weeks' time at the Santa Clara Convention Center, CA, let's introduce you in greater detail to the distinguished individuals in our incredible Speaker Faculty for the technical program at the West Coa...
Don’t you just love spending millions of dollars to license a commercial ERP package? And then I bet you feel warm and fuzzy about hiring a bus-load of expensive consultants to come and tell you how to run your own business, following so-called ‘best practices’ built into an inflexible...
Local and off-site Backup Combination. It's a best practice to have a combination of local and off-site backup. Typically you want to keep large files, like databases and system state file backups on-site. This enables a quick recovery of the latest version of these files and reduces d...
Is your business creating a mobile app? It's all the rage, of course. Ninety-one percent of the top 100 brands have branded apps, according to a report by mobile analytics firm Distimo last October. Symantec just announced new research that says 53% of North American companies are m...
TORONTO – June 12, 2012 – PerspecSys Inc., the leader in cloud data protection solutions for the enterprise, today announced it has become a Corporate Member of the Cloud Security Alliance (CSA). The CSA is a not-for-profit organization with a mission to promote the us...
Today’s software development is geared more towards building upon previous work and less about reinventing content from scratch. Resourceful software development organizations and developers use a combination of previously created code, commercial software, open source software, and th...
Advanced malicious content and attacks are starting to threaten conventional network filtering technologies that are not able to keep up with the increased volume and complexity of network traffic. Currently, one in every 14 downloads contains malicious content that may create operatio...
When we aren’t fighting crime, taking over the world, or enjoying a good book by the fire, we here on the eEye Research team like to participate in the Any Means Possible (AMP) Penetration Testing engagements with our clients. For us, it’s a great way to interact one-on-one with IT fol...
Here's a common scenario and one that will become more common with the ever increasing penetration of Tablet Devices in the Enterprise... Your Senior Exec just got their iPad. They love it. They use it everywhere. Literally everywhere! That’s a scary word for anyone involved in securi...
In most organizations today, there is sensitive data that is overexposed and vulnerable to misuse or theft, leaving IT in an ongoing race to prevent data loss. Packet sniffers, firewalls, virus scanners, and spam filters are doing a good job securing the borders, but what about insider...
Social media, including Facebook, Twitter and LinkedIn, is used extensively by many functional areas in companies today to communicate about and promote their efforts, and to interact with their constituencies. For the marketing department, in particular, social media can help build br...
Have to agree that this writer gets it right. At the end of his blog post, he highly recommends everyone take a good look at Google's terms of service. And, that is more sense than we usually get from people writing about our data service suppliers, such as Apple, Facebook, Google, an...
We saw what typically happens when trying to use static rule-based log correlation to perform real-time incident management... combinatory explosion and lack of scalability. How do you automate non-deterministic attacks in a few discrete steps??? Today, we'll look at more scenarios fo...
You’ve spent months fixing the red items on an internal audit report and just passed a regulatory exam. You’ve performed a network vulnerability assessment and network pen test within the last year and have fixes in place. You’ve tightened up your information security policy and recent...
The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This article will look at some of the most useful scanning tools freely available today and how to best use them. During this proc...
Web applications are vulnerable to a multitude of security attacks. This leaves the underlying businesses and the consumer data wide open to public view. Internet applications must therefore follow multiple programming practices to prevent such attacks. This paper details i...
The recent spike in insider threats, coupled with a rise in compliance considerations, has forced organizations to ensure only authorized users access sensitive application functionality and data. Historically, user entitlements or authorization logic has been embedded inside an applic...
I will demonstrate how to ARP poison a connection between a Windows 7 and Windows 2008 R2 Server using Cain. The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server. RDP is ...
In the wake of yesterday's FBI seizure of servers, it is interesting to note that one of the industry's most seasoned executives, Abiquo CEO Pete Malcolm, has been anticipating just such an eventuality for a while. In a SYS-CON.tv Power Panel recorded on the eve of Cloud Expo New York,...
This week let's review why logs are such a popular and powerful tool when performing forensics, and how to ensure that investigators are working from a clean stream of data. Logs used in forensics have several distinct advantages. First, logs can be used not only to solve the IT crim...
As enterprises struggle to remain profitable in an ever-changing risk environment, the current economic crisis has elevated the need for effective business risk management. Information security is a key parameter that affects business risk. The academic definition of information securi...
The WikiLeaks security fiasco has shed a lot of light on document security and its inherent irony: namely that the more confidential a document is, the more it’s likely to be shared. Web Security Journal reached out to the CEO of Brainloop, Peter Weger, to discuss the notion of so-...
You may think IT compliance is nothing more than big government sticking its nose into everyone’s business. Compliance equals Big Brother. OK, so there is some truth in that government compliance regulations are a little over the top, and perhaps there are just too many of them that fu...
Users are the weakest link when it comes to information security. Without intending to, they cost more money in security breaches than outside hackers. This is why all regulations require the demonstration of strong access security. But focusing purely on regulatory compliance proofs a...
The x86 architecture has become the CPU of choice not only for network appliances, but also for embedded communication equipment in wireline and wireless networking. As the need to cater to higher-performance networking while supporting security and virtualization becomes more prevalen...