Skip to main content

Home/ WPPS C-Suite News/ Group items tagged breach

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
sandy ingram

Layoffs could lead to theft of interllectual property, placement of code - 0 views

www.linkedin.com/...366179-6510159

extortion layoffs employee workplace

shared by sandy ingram on 17 Nov 08 - No Cached
  • Since we are witnessing one of the most greatest surges in layoffs, how has your information security processes been coping with the increase?
  • I hear that many employees, in anticipation of a layoff, are stealing intellectual property. Thus, some damage to the company may be done prior to the lay off taking place.
  • have direct experience of employees who planted code that would disable key functions in the corporate IT system
  • ...9 more annotations...
  • I have met others who have bought their way into competitors using confidential information.
  • To be completely brutal and honest, if you are in a position to be worried about these things then your organisation has not taken its' security (in the broadest terms) seriously.
  • Security considerations are starting to move higher up the value chain away from its roots of network centricity towards applications and business concerns.
  • I have been monitoring the IT security industry and what I have noticed is not only the number of layoffs but also that there is so few high level IT Security jobs been advertised. Too many organisations see IT Security as an expense, and they have problem seeing the ROI form IT Security project.
  • how vulnerable is the Global economy to the next big attack.
  • corporations rapidly lose the ability to stop serious security breaches within the company as many in this forum have stated many examples.
  • I have seen many people go to extremes and sell this inside information, corporate espionage to name one example, in order to survive.
  • To understand the seriousness of this economic turmoil affecting corporation globally, a Director of Information Security from one of the largest and most admired global corporations was let go in a downsizing restructuring.
  • Understand that every company large and small is going through profound economic issues trying to do more with less staff.
  • sandy ingram on 17 Nov 08
     
    In one case, it was used for extortion, i.e. to demand a better severance package. The other used it for revenge.
sandy ingram

Microsoft Enterprise Content Management (ECM) Team Blog : EDiscovery in SharePoint Serv... - 0 views

blogs.msdn.com/...in-sharepoint-server-2010.aspx

sharepoint ediscovery 2010 content microsoft ecm Compliance Breach policy

shared by sandy ingram on 20 Apr 10 - Cached
  • In this post, I want to highlight three major improvements in SharePoint that support eDiscovery. You can: Manage holds and conduct eDiscovery searches on any site collection Use SharePoint Server Search or FAST Search for SharePoint out of box to search and process content Automatically copy eDiscovery search results to a separate repository for further analysis
  • SharePoint Sever 2010 addresses the Information Management, Identification, Preservation and Collection stages
  • Hold and eDiscovery is a site level feature that can be activated on any site.
  • ...5 more annotations...
  • Activating this feature creates a new category in Site Settings that provides links to Holds and Hold Reports lists
  • With the Hold and eDiscovery feature you can create holds in the hold list and then manually add content to the relevant hold by clicking on Compliance Details from the drop down menu for individual items.
  • What if you have a large amount of items you want to find and add to a hold? For that you can use the features on the Discover and hold content page, which is a settings page in Site Settings. From this page you can specify a search query and then preview the results. The configured search service (SharePoint Search Server or FAST Search for SharePoint) will automatically be used. You can then select the option to keep items on hold in place so they cannot be edited or deleted, or if you have configured a Content Organizer Send to location in Central Administration you can have content copied to another site and placed on hold
  • When searching and processing, the search will by default be scoped to the entire Site Collection and run with elevated permissions so all content can be discovered
  • In summary, SharePoint Server 2010 contains key features that make it an essential aspect of your eDiscovery strategy. With the new SharePoint Server 2010 capabilities you can easily apply proper retention policies for all content and make it easier to discover content if an eDiscovery event occurs. eDiscovery often prescribes tight deadlines for production. SharePoint 2010 helps you find the right content and deliver it faster.
  • sandy ingram on 20 Apr 10
     
    i everyone, I am Quentin Christensen and I work on document and records management functionality for SharePoint. Electronic discovery (commonly referred to as eDiscovery) is an area we are supporting with new set of capabilities in SharePoint Server 2010. In case you are not familiar with eDiscovery, it is the process of finding, preserving, analyzing and producing content in electronic formats as required by litigation or investigations. eDiscovery is an important concern for all of our customers and given that SharePoint has grown to be an integral part of collaboration, document, and records management for many organizations, we recognize the need to support the eDiscovery process for SharePoint content. Microsoft Office SharePoint Server 2007 included a hold feature that could be used for eDiscovery, but it was scoped to the Records Center site template. With SharePoint Server 2010 the eDiscovery capabilities have been greatly expanded to provide more functionality and the power to use these features across your entire SharePoint deployment. In this post, I want to highlight three major improvements in SharePoint that support eDiscovery. You can: Manage holds and conduct eDiscovery searches on any site collection Use SharePoint Server Search or FAST Search for SharePoint out of box to search and process content Automatically copy eDiscovery search results to a separate repository for further analysis
sandy ingram

Small Companies Look to #Cloud for Savings in 2011 - WSJ.com - 0 views

online.wsj.com/...3513204576047972349898048.html

Privacy security compliance cloud Best Practice

shared by sandy ingram on 30 Dec 10 - No Cached
  • As of April 2010, only about 7% of small-business owners were using cloud services, but that number is expected to grow to more than 10% by mid-2011, according to a survey by technology-research firm IDC.
  • Half of small firms that use "the cloud" say it has improved their bottom line, according to a survey this fall by Microsoft Corp., which provides cloud services.
  • A number of surveys show that some business owners are hesitant to try cloud computing because they don't want to stray from familiar systems or invest in new ones. Some owners that have made the switch, however, say it has been a boon to their cash-strapped firms.
  • ...6 more annotations...
  • Garey Willbanks, owner of Boiler Management Ltd. in Houston, says he pays about $600 a month to store information in the cloud. He estimates that is less than a tenth of what he would pay if he hired technology personnel to run an in-house storage server.
  • In June, Michael Tracy, a private law practitioner in Irvine, Calif., decided to try Nextpoint, a cloud-based program for attorneys. He had previously spent $10,000 to $12,000 a year licensing software that would organize materials before a trial. The problem was he needed it just a few times a year. By contrast, Mr. Tracy pays for Nextpoint only when he uses it, and he anticipates spending just $4,000 to $6,000 a year on the service.
  • "If you already have tight control over your company, your expenses may drop 10% to 20%,"
  • Despite the savings, there are risks. Security breaches, for instance, can happen if the cloud provider isn't reliable. "If they make money directly from you, then they will want to secure [your information]," Mr. Enderle says. "If they make it through advertising," they may be more likely to sell the information to advertisers, he says.
  • Others fear that they might lose their information, or have to spend a lot of time transferring data, if they want out.
  • "So make sure it's the right provider and that you're ready to be in it for the long haul."
  • sandy ingram on 30 Dec 10
     
    "A growing number of small-business owners are expected to try cloud computing services next year, hoping to trim costs and stay up and running if disaster strikes. Cloud computing refers to any service that operates over an Internet connection, allowing immediate access from any computer or mobile device with Web access. Business owners can access software or store information-such as customer contacts, accounting data and presentations-and leave the technical maintenance to the cloud provider. "
sandy ingram

Infosecurity (USA) - White House cybersecurity proposal shifts FISMA responsibility to DHS - 0 views

www.infosecurity-us.com/...ts-fisma-responsibility-to-dhs

security Privacy compliance FISMA DHS Best Practice

shared by sandy ingram on 07 Jun 11 - No Cached
  • This would in effect shift FISMA implementation responsibility away from the Office of Management and Budget (OMB) and the National Institute for Standards and Technology (NIST) to DHS, “where the knowledge of attacks informs the defense”, Paller said.
  • “DHS has already demonstrated that they are focusing on the critical controls....They are focusing on effectiveness measures, rather than make work”
  • The proposal would also expand the DHS authority over cybersecurity of private networks, particularly critical infrastructure. DHS would have the authority to develop and conduct risk assessments of private sector critical infrastructure systems and share information with the private sector about threats and best practices.
  • ...5 more annotations...
  • “This brings the same rationality to offense informing defense. Instead of telling people that they have to have a good security plan, what DHS’s role will be is to demonstrate what best practices are and make sure people are measuring against those best practices”, Paller said.
  • The White House proposal would also create a national data breach notification requirement standardizing various state laws
  • “The administration's proposal would protect individuals by requiring businesses to notify consumers if personal information is compromised, and clarifies penalties for computer crimes including mandatory minimums for critical infrastructure intrusions.
  • The proposal would improve critical infrastructure protection by bolstering public-private partnerships with improved authority for the federal government to provide voluntary assistance to companies and increase information sharing.
  • It also would protect federal government networks by formalizing management roles, improving recruitment of cybersecurity professionals, and safeguarding the nation's access to cost-effective data storage solutions.”
  • sandy ingram on 07 Jun 11
     
    The White House proposal, which is a comprehensive cybersecurity plan, includes a provision directing the Department of Homeland Security (DHS) "to exercise primary responsibility within the executive branch for information security. This includes implementation of information security policies and directives and compliance" with FISMA, except for national security systems.
sandy ingram

Mobile malware, "whaling" top challenges of 2011, says IBM report - SC Magazine US - 0 views

www.scmagazineus.com/...213219

security mobile malware IBM report

shared by sandy ingram on 30 Sep 11 - No Cached
  • To address these new challenges, the report said, enterprises need to shape their risk exposure, communication, end-user education and technology in a delicate balance.
  • One of the newest vectors of attack – the so-called “bring your own device” approach – has sprung up from the burgeoning market for smartphones and tablets and their adaption into the enterprise network, the report said. Security issues seen on the mobile platform are rising with the market – with double the number of mobile exploit releases that were seen in 2010.
  • Third-party app markets, a Wild West of often unregulated offerings, are the primary bazaar for malicious software created to attack mobile phones.
  • ...4 more annotations...
  • Infected mobile applications can also come from peer-to-peer networks hosted on websites
  • This year's breaches have highlighted the emerging risk of “whaling,” a variant of spear phishing that targets "big fish,” or high-level personnel
  • Of further concern for IT security professionals is the rise of professional teams charged with collecting intellectual property and strategic intelligence, the report found.
  • In addition, so-called hacktivist groups, such as LulzSec and Anonymous, have used well-worn attack techniques, such as SQL injection, to successfully target websites and computer networks for political ends rather than financial gain.
  • sandy ingram on 30 Sep 11
     
    An unprecedented number of successful attacks on corporate networks in the first half of the year illustrates that "basic network security is not just a technical problem, but rather a complex business challenge,"
sandy ingram

CEOs underestimate security risks, survey finds - 0 views

www.computerworld.com/...te_security_risks_survey_finds

Best Practice privacy security CEO Ponemon suvey

shared by sandy ingram on 18 Jul 09 - No Cached
  • Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
  • of 213 CEOs, CIOs, COOs and other senior executives reveals what appears to be a perception gap between CEOs and other senior managers concerning information security issues.
  • 48% of CEOs surveyed said they believe hackers rarely try to access corporate data
  • ...5 more annotations...
  • On the other hand, some 53% of other C-level executives believe that their company's data is under attack on a daily or even hourly basis.
  • The survey also found that the top executives were less aware of specific security incidents at their companies than other C-level executives and are more confident that data breaches can be easily avoided.
  • CEOs and other top managers differed in their opinion of who is responsible for protecting corporate data.
  • While eight out of 10 respondents said they believe there is one person responsible for data protection in their organization, there was a sharp difference of opinion on just who that person was.
  • More than half of the CEOs said that CIOs are responsible for protecting data at their companies; only 24% of other senior managers felt the same way
  • sandy ingram on 18 Jul 09
     
    Computerworld - Compared to other key corporate executives, CEOs appear to underestimate the IT security risks faced by their own organizations, according to a survey of C-level executives released today by the Ponemon Institute.
sandy ingram

Managing Cloud Risks - Forbes - 0 views

www.forbes.com/...managing-cloud-risks

security privacy compliance Best Practice cybersecurity cloud GRC

shared by sandy ingram on 27 Oct 11 - No Cached
  • SLAs and the “Right to Audit” Clause When you move your data to the cloud, you must consider the risk to your brand should a breach occur. You need to ensure that any Service Level Agreements (SLAs) you have in place protect it. SLAs should address any and all risks to your data while it lives in the cloud. 
  • sandy ingram on 27 Oct 11
     
    Vendor Risk Management and Cloud Security Standards Another important consideration when mapping out your cloud GRC strategy is to ensure your vendor risk management program accounts for the new risks that come with moving to the cloud.
« First ‹ Previous 41 - 48 of 48
Showing 20 items per page