TechRepublic Resources
- Take steps to safeguard sensitive data
- Is your organization responsible for complying with one or more of the many privacy-related pieces of legislation that the U.S. government has enacted over the past decade? It's a good bet that it is.Whether it's the Health Insurance Portability and Accountability Act (HIPAA), which addresses healthcare information, the Gramm-Leach-Bliley Act...
- Tags: Security Solutions, Passwords, Mike Mullins, End User, data theft, Compliance
- Blog posts 2007-07-05
- Phishing and pharming 101: Protect your identity
- Using a variety of nefarious methods, phishing and pharming are a consistent problem that threatens everyone with identity theft. If you recognize what these methods are and how malicious users employ them, you can keep yourself and your users from becoming a victim.A quick reviewPhishing involves sending an e-mail that...
- Tags: Security Solutions, Security, Phishing, Pharming, Mike Mullins, Identity Theft, E-mail, data theft, Cybercrime
- Blog posts 2007-06-28
- Deal responsibly with identity data breaches
- Most security managers are aware of some form of the 5 steps for handling an incident: prevent, detect, contain, eradicate, and recover. These steps are usually sufficient for those incidents in which Personally Identifiable Information (PII) or electronic Protected Health Information (ePHI) isn't compromised. However, a breach of individual identity...
- Tags: Security, Medical Identity Theft, Leadership, IT Management, Identity Theft, data theft, Cybercrime, Computer Crime, Compliance
- Blog posts 2007-06-21
- Security solutions often have secondary benefits
- Like all security managers, I work to implement the right tools to defend against specific threats. Sometimes, however, a tool implemented for one purpose might be valuable in other ways. About two years ago, we installed a web filtering application that blocks user access to selected web site categories. The business...
- Tags: Threats, Threat Modeling, Spyware, Risk Management, patching, Malware, IT Management, Intrusion Detection, Internet, HIPAA, Hacking, data theft, Cybercrime, Computer Crime, Antivirus
- Blog posts 2007-06-03
- Protect your endpoint devices from swap and hibernation file data leaks
- Many organizations are becoming very conscientious when it comes to protecting sensitive data. The release of personally identifiable information (PII), electronic protected health information (ePHI), intellectual property, and authentication information (e.g. passwords) can be very damaging. However, there are two areas on Windows and Linux workstations that can...
- Tags: Windows, Security, It Management, HIPAA, data theft, Computer Forensics
- Blog posts 2007-05-10
- Protect your network against fiber hacks
- Copper cable has been known as the easily-tapped physical transmission medium for years. Conscientious network and security managers either provided tight physical security for cabling or used fiber as an alternative. Many network managers considered fiber relatively safe due to the perceived challenges associated with tapping into an...
- Tags: Security, Physical Security, It Management, Intrusion Detection, data theft, Cable Taps
- Blog posts 2007-05-03
- Data encryption is not a security panacea
- Data encryption is getting a lot of press these days. It seems like a host of businesses are running to encryption vendors to see how fast they can scramble their sensitive information in the face of well-publicized data breaches. Much of this excitement (or hysteria) is fueled by...
- Tags: Threat Modeling, Sox, Security, Medical Identity Theft, It Management, Identity Theft, HIPAA, Encryption, Database Assurance, data theft, Compliance
- Blog posts 2007-04-02
- What's the Most Secure OS? Surprise! It's Windows. (Well, sort of, in a way, if you look at things in a certain fashion and ignore other security metrics.)
- The startling conclusion that Microsoft has the most secure OS isn’t mine (although I don’t find it all that fantastically unlikely), but that of some observors who came to that conclusion after looking at Symantec’s Internet Security Threat Report Volume IX (http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport) that covers the second half...
- Tags: Social Security, Web browsers, Microsoft Windows, Symantec Corp., vulnerability, Web, security
- Blog posts 2007-03-24
- The sad reality about software assurance
- In today’s world of increasing threats targeting our data for profit as well as the spread of governmentally imposed constraints, I believed that all major software vendors had gotten the message—practice due diligence in making your software secure. However, I was recently disillusioned. Several months ago, we...
- Tags: Compliance, data theft, Database Assurance, HIPAA, It Management, Security, Sox
- Blog posts 2007-03-22
- Anti-virus vendors worry about the pace of malware production
- Kaspersky Labs Eugene Kaspersky and F-Secures Mikko Hypponen spoke out about the growing difficulties in keeping up with cyber criminals. In a speech at CeBit in Hanover, Germany, Kaspersky stated flatly that, "If the growth in malware continues at the current pace, makers of anti-virus software may not be...
- Tags: Antivirus, Antivirus Research, Computer Crime, Cybercrime, data theft, Hacking, Identity Theft, Internet, It Management, Security, Spyware
- Blog posts 2007-03-19
- Protect your laptop from ad hoc wireless networks
- Over the past several months there have been a host of articles written about an issue with the Windows XP’s default wireless settings. The issue discussed is the automatic search for, and connection to, computer-to-computer wireless networks without user intervention.In this post, I take a quick look at why...
- Tags: Ad hoc networks, data theft, Hacking, HIPAA, Identity Theft, Internet, It Management, Laptop, Microsoft Update, networking, Security, Wi-fi
- Blog posts 2007-03-19
- New paint protects wireless devices
- EMC-SEC Technologies, the sales and marketing arm of Unitech LLC, announced that it will begin marketing an RF reflecting paint ("Unwanted Wireless Signals Bouce Off This Paint", W. David Gardner, InformationWeek, 16 Mar 2007). The paint is used by various U.S. defense and intelligence agencies and was subjected to three...
- Tags: Cybercrime, data theft, It Management, Security, Wi-fi
- Blog posts 2007-03-17
- Can Everyone See Your Cut-'n'-Paste? Probably, if you use IE 6 or earlier.
- One of the things that separates complete novices from beginners and more advanced PC users is the use of Ctrl-C and Ctrl-V. Probably everyone reading this uses the Windows cut-and-paste feature every few minutes on a busy day.I bet your executives do it and, lets face it, even the most...
- Tags: Security, Microsoft, Passwords, Windows, Hacks, End-user Communication, Internet, IE, Ie6, data theft, privacy
- Blog posts 2007-03-17
- Keep your eye on the data
- “Keep your eye on the ball” is a common admonition that, because of its broad application, spread far beyond the playing field. With a slight change, it applies equally well to protecting information assets—keep your eye on the data.I find it a continuous struggle to help my peers in...
- Tags: Storage, Databases, security
- Blog posts 2007-03-05
- Protect your organization from steganographic data theft
- The art and science of steganography has been around for centuries. It’s used to write hidden messages in a way that prevents anyone but the recipient from interpreting them. As technology grew it was only natural for steganographic techniques to find their way into electronic processes. It...
- Tags: Computer Crime, data theft, HIPAA, Identity Theft, image, It Management, Medical Identity Theft, Security, Steganography, Tom Olzak
- Blog posts 2007-01-29
- Network printers: the often overlooked piece to the security puzzle
- Looking over the work your security team has accomplished over the last few years, you’re pretty satisfied. Servers and workstations are hardened. Layers of intrusion defense (IDS, IPS, firewalls, VLAN’s, etc.) are in place. Anti-virus and anti-spyware solutions are running and regularly updated. The SOX audits...
- Tags: Antivirus, data theft, It Management, network, network printer, networking, printer, Security, Tom Olzak
- Blog posts 2007-01-18
- Protect sensitive data everywhere: not just in production
- Defending against unwanted network and end-user device intrusions has one objective—protecting the data. This means protecting the data no matter where it resides or how it moves. However, this seems to be a problem in some organizations when addressing security for testing (QA) and development environments.Recently I discovered...
- Tags: Compliance, data theft, HIPAA, identity, Identity Theft, It Management, Medical Identity Theft, PII, privacy, QA, Security, Tom Olzak
- Blog posts 2007-01-11
- Protect medical identities: lives may depend on it
- As HIPAA Security Rule compliance slips, the number of medical identity thefts increases. Unlike financial identity theft, the theft of an individual’s medical identity can lead to serious health, employment, and insurability issues.The HIPAA (Health Insurance Portability and Accountability Act of 1996) required that all covered entities (CE’s) be...
- Tags: CE&rsquo, s, Compliance, Cybercrime, data theft, Government, health, HIPAA, Identity Theft, It Management, Medical Identity Theft, Security, Standards, Tom Olzak
- Blog posts 2007-01-01
- Who's stealing your clipboard contents?
- Windows Clipboard data is at risk when using IE to surf the web. Unless an organization modifies default IE security settings for versions 4 thru 6, information copied to the Windows clipboard can be easily retrieved by an unscrupulous webmaster.A demonstration of this “feature” is provided at scriptmagic.com. ...
- Tags: clipboard, data theft, IE, It Management, Microsoft, Microsoft Internet Explorer, Security, Threats, vulnerability, Windows
- Blog posts 2006-12-25
- Consider content monitoring for data protection compliance
- Security managers, working closely with other members of IT management teams, have become pretty good at protecting information assets from external threats. Even in this era of deperimeterization, IT teams are beginning to effectively tighten security around systems in addition to the enterprise overall. But what about the...
- Tags: Compliance, data protection, data theft, E-mail, End User, End-user Communication, monitoring, Security
- Blog posts 2006-12-18
Harnessing the power of waves
Planting solar gardens
Fill your car for $1.10 a gallon?