Bad moon rising

By Katherine Teitler 

July 26, 2016

Security teams spend a fair amount of time thinking about incident response. The probability of an information security incident occurring forces teams to consider how to manage intrusions, leaks, and other security vulnerabilities or exploits. When data is stolen or when admin credentials have been pilfered, for instance, security and incident response teams generally have a plan of action, even if the plan isn’t well documented or practiced at optimal intervals. 

Keep reading...

DLP

“DLP” is an acronym for “data loss prevention” or “data leak prevention,” a strategy and suite of technologies to help protect sensitive enterprise data from loss or theft. Though the terms are used somewhat interchangeably, a data leak can occur without loss of data, and a leak can cause serious financial, reputational, or regulatory damage to an organization.

Keep reading...

I’ll be there

By Katherine Teitler 

July 22, 2016

After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games. 

Keep reading...

By Marcos Colon 

July 21, 2016

The evolving threat landscape makes it incredibly difficult for security professionals to protect their organizations. You’d think that with the abundance of security solutions deployed they’d be able to manage cyber risk effectively, yet, the technology that’s intended to protect their organizations may be causing more problems.

Read more ...

Lose Yourself

By Katherine Teitler 

July 19, 2016

The role of the CISO is changing. We hear about it every day: CISOs must become more business oriented and fine-tune communication skills so other executives consider heads of security business equals.

Keep reading...

By Marcos Colon 

July 19, 2016

 

Security practitioners consistently deal with a slew of issues tied to protecting their organization’s most critical assets. When asked what keeps them up at night, it’s an endless list that features connected devices, shadow IT and making sense of the security and risk organization to board members.

Read more...

Spoofing

Spoofing, as it relates to cybersecurity, is part of an attempted adversarial attack aimed at fooling users into taking an action they normally wouldn’t unless requested by a trusted source. Spoofing can be used to alter IP addresses, email, callerID, URls, or other incoming information that is typically used to identify a source.

Keep reading...

The long and winding road

By Katherine Teitler 

July 14, 2016

Insider threat. Third-party risk. Phishing. Privilege escalation. Unencrypted sensitive data. This reads like a “Top 5” list of security concerns, but in fact it’s what allowed Su Bin, the owner of a Chinese aviation technology company, to help two Chinese nationals hack into Boeing’s network and steal more than 65GB of data from the defense contractor.

Keep reading...

We Are the World

By Katherine Teitler 

July 13, 2016

Privacy Shield, the much-anticipated new trans-Atlantic data transfer agreement between the EU and U.S., was approved yesterday by the European Commission. After months of debate and revisions, the Commission finally felt comfortable enough to rubber stamp the framework, which will actually undergo further analysis later this month. If the final-final agreement is approved on July 25, 2016, companies can self-register starting August 1, 2016.

Keep reading...

By Katherine Teitler 

July 12, 2016

The families of five terrorist attack victims filed a lawsuit in U.S. District Court on Monday. The defendant: Facebook. The families, claiming that the social media giant enabled Palestinian militants to carry out deadly attacks in Israel, are suing for more than $1 billion, calling into question the responsibility of technology companies when it comes to security. 

Keep reading...

Content Filtering

Content filtering is a way for organizations to screen and deny potentially harmful or objectionable data from websites, email, or executables. It is a form of censorship for information and media that helps organizations block known malicious or potentially malicious information from entering the network. Content filtering can be integrated into company policies and/or information security as a way of both communicating risks as well implementing controls and rules around what data and information is allowed and what’s denied.

Keep reading...

I wanna get better

By Katherine Teitler 

July 8, 2016

“A lot of security departments are swimming in the wrong direction,” says Raef Meeuwisse, Director of Cybersecurity at Cyber Simplicity Ltd. By this, Meeuwisse means that companies haven’t yet redirected the scope of their security programs—the tools, technologies, and processes—to reflect current threats. 

Keep reading...

Cry me a river

By Katherine Teitler 

July 7, 2016

Security practitioners have long decried the practices of password sharing. Now an appellate court has bolstered that sentiment by handing down a decision in United States v. Nosal, ruling that a former employee of executive search firm Korn/Ferry International has violated the Computer Fraud and Abuse Act, acting “without authorization” when he used credentials supplied to him by a current employee. Upon the defendant’s termination, Korn/Ferry’s IT department revoked system credentials. So far, so good: employee decides to leave company, company turns off access. Score one point for security! 

Keep reading...

Take a chance on me

By Katherine Teitler 

July 6, 2016

Even small, home-spun businesses have a handful of third-party vendors with which they must connect to keep the lights on and the money flowing. Larger organizations might have hundreds or thousands of partners in the supply chain. 

Keep reading...

Certificate Authority

A Certificate Authority (CA) is a trusted third party that issues digital certificates—small, verifiable digital files that contain credentials—which help establish secure communication between parties, entities, servers, or websites. The digital certificate binds ownership information (email address, IP address, name, certificate usage, etc.) to an owner’s public cryptographic key and the certificate ID of the certificate authority. A digital certificate will include the owner’s public key, expiration date of the certificate, a hash algorithm to validate the certificate hasn’t been tampered with, and other information about the public key.

Keep reading...

How you like me now?

By Katherine Teitler 

June 30, 2016

Depending on your source, insider threat accounts for anywhere from 27% - 77% of all breaches. Despite the disparity in agreement about size of the problem, most security practitioners agree that the difficulty identifying insider threat is greater than identifying external threats since insiders have legitimate access to and usage of sensitive company resources.  

Keep reading...

By Marcos Colón 

June 29, 2016

For security practitioners, the name of the game is risk management.  

These risks come in all shapes and sizes, from system vulnerabilities and the onslaught of evolving malware, to threats posed by insiders. We’re not talking about the Edward Snowdens of the world; we mean accounts compromised by miscreants or even honest employees that fall into the increasingly convincing phishing scams hitting their inboxes.

Keep reading...

Event Search

Download Catalog Dark Blue 300x58

Subscribe to Newsletter LightBlue 2 300x58

Register Mobile Security Summit 300x58

Ransomware ad

MIS|TI Tweets

ACL MISTI Grey 300x58

Please choose your region

Submit
Select a Region
United States
United Kingdom/Ireland
Africa
Americas
Asia-Pacific
Europe
Middle East

By continuing to use misti.com you will be agreeing to the website Terms and Conditions, the Privacy Policy, and the Use of cookies while using the website.