The concept of identity is core to the protection of data. Data and other computing resources exist to be used by individuals, each of whom has an identity that is used to grant of deny access to such resources. However, identity is not limited to humans. Computer services also have an identity that allows them to interact with other services and data.
We may not be using more of our brains but we can probably use more of our data. Did you know that organizations typically use only 1 percent of the data they collect? Why is this and how can we change it? Do organizations need more motivation, utility, expertise, tools, or just better data retention policies?
2016 is going to be a big year for security. News of data breaches and the major technological innovations of 2015 will put more pressure on companies to implement effective organizational security. I believe 2016 will see major initiatives in these seven areas: Securing the supply chain, leveraging more data analytics for security, IoT security, more security executive hiring, more focus on retaining security talent, extending security to the mobile device, and encryption becoming the minimum standard for security.
Cybercriminals are raising the black flag this Black Friday and Cyber Monday. These are the biggest shopping days of the year and these criminals know that the sales ads and offers will soon start pouring in. Buried among those offers will be fake deals from these cyber criminals. Use these tips to stay safe this year.
This statement may be familiar to many who have considered cloud services and it was both the start and end to many cloud discussions.
What is most important to you, cloud security and service customization or flexibility and cost?
Those who picked security and service customization adopted a private cloud model and those who picked flexibility and cost chose a public cloud model. Those that couldn’t choose continued using traditional IT to solve today’s problems and they had a tough time of it.
The good news is that you don’t have to make that choice anymore. Security, service customization, flexibility, and cost objectives can each be met through a merger of public and private cloud approaches in the hybrid cloud. To understand how this works, let’s briefly explore both prior models and the compare them to the hybrid cloud.
The maturation of the cloud is fascinating as it continues to adapt, providing more opportunities for companies and consumers to leverage the vast computing and storage power of computers around the world. Whether those resources are housed in a corporate data center or dedicated hosting facility as part of private cloud services or through third party public cloud offerings, the cloud is most likely part of your everyday life and it is one of the biggest technology growth areas, offering companies ways to save money and become more adaptable to change.
There are many options for cloud consumers, those utilizing or wishing to utilize cloud services. A large differentiator in cloud types lies in ownership and operation of the cloud infrastructure and three main types of clouds, private, public and hybrid are used to support differing business needs.
Security is a growing field, and with its growth come many different career options. As you gain experience in different security areas, you may choose to further specialize or move into management in that area. Some security roles include analyst, network security engineer, auditor, computer forensics and penetration testing.
I was recently asked the question, Can eDiscovery systems prove the integrity of the email that they discover? If so, how?
Email differs from loose files in that emails are contained within a database such as Microsoft Exchange or IBM Lotus Notes. Loose files are typically hashed using a mathematical algorithm that can show that the data on a system and the data captured are the same but each message in a mailbox does not directly correlate to a single file that could be hashed. In some cases, mailboxes are contained in a single file such as a PST when exported or when mailbox segmentation is implemented on a Lotus Notes mailbox database but most often, one or more databases contains the messages for many different users. These databases are binary files that cannot be opened using a text editor. Furthermore, many systems deduplicate their databases so that multiple copies of emails are stored as one with pointers to others.
Information security is often described using the CIA Triad. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by manipulating data and availability by deleting data or taking down the systems that host the data.
By and far, most attacks have been focused on disrupting confidentiality or availability so defense mechanisms and training has also been focused there. The number of data breaches has skyrocketed and there is a flourishing market for stolen data including personal health information, credit card numbers, social security numbers, advertising lists, and proprietary technology. We also see many attacks on availability through Denial of Service.
Integrity attacks are much less commonplace, but they still represent a threat. Organizations must protect more than just confidentiality to be secure (see Overly and Howell’s Myth #3).
So what does an attack on integrity look like? Let’s look at three examples.
Do you know why all the major online retailers offer a way for users to review products? It’s because people want feedback from others when making a decision. Job searches are no different. A resume may say a lot about skills and experience, but it says little about a person and, in the end, it’s the person who gets hired. Start networking to accomplish this. You can do this by building a network, networking through groups and through social networking.