AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY
Entries with Label: Security
DNS Audits: A Practical Guide
Friday, February 13, 2009
DNS is gaining more attention as companies add VoIP and wireless networking to their enterprise. These advancements have put greater strain on DNS and in turn require more sophisticated solutions. As a result, we've been doing a lot more DNS audits for customers. Here are a few things that are critical to a good DNS strategy that most companies do not think about.
Emphasizing Virtualization Security
Wednesday, February 18, 2009
Perhaps companies figure so much attention has been given to virtualization that if it were not secure they'd hear about it in the press, because it appears that at many organizations virtualization security has been "back-burnered."
Recent Breaches Remind us to Focus on Security
Tuesday, February 24, 2009
As Wired notes, two major security breaches have been reported in the past month alone at large credit card processors, putting millions of MasterCard and Visa cardholders at risk of having their information stolen. Today there is an increased level of criminal activity taking place in the cyber world. Identity theft and credit card theft are two of the most prevalent crimes, in addition to the phishing that occurs as criminals attempt to redirect consumers to non-legitimate sites posing as their bank or retailer.
Tightening Budgets and Their Impact on IT Security
Tuesday, February 24, 2009
In an earlier post I mentioned the recent credit card security breaches. I want to encourage businesses everywhere, not just retailers, to take this news as a reminder of the importance of a strong, well-managed security strategy and policy. The business community at large, and not just retailers, online merchants and banks, needs to ensure that its security infrastructure is sound. As I go out and speak with medium and large enterprise customers, I often hear that IT budgets will remain flat or decrease due to the state of the economy. There are those that are increasing their IT spend; however, they seem to be in the minority. IT departments are struggling to prioritize their shrinking IT dollars across important projects.
Ten Steps for the Mass Data Security Law
Wednesday, March 04, 2009
Massachusetts recently pushed back the implementation date of the Massachusetts Data Security law, formally known as 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH. This law, which was scheduled to take effect on January 1, 2009, was originally delayed to May 1, 2009 and then delayed again to January 1, 2010. While there are no guarantees that the law will not be pushed back a third time as we approach the end of 2009, prudent organizations should not count on this and should take the opportunity provided by this extension to get in compliance.
HIPAA Revitalized in 2009 and Beyond
Friday, March 13, 2009
It’s been a few years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) came into effect and since then there seems to have been a “gliding along” approach. Many health organizations are now either compliant or at least feel like they have a grasp on HIPAA privacy and security safeguards and what they all mean. The challenge for organizations has always been “how to” protect Personally Identifiable Information (PII) in both paper and electronic form. HIPAA has often been labeled somewhat ambiguous and enforcement is not always forthcoming. HIPAA has also been overshadowed somewhat by other compliance and regulatory advances by the government and private industry.
PCI DSS v1.2 and its Requirement from WEP to WPA Wireless Encryption
Wednesday, May 06, 2009
Although PCI SSC changed the wireless security standards 6 months ago with the release of PCI DSS v1.2, many merchants are still using WEP in the storage, processing or transmission of credit card information.
The Checklist Approach to IT Security is Failing You
Monday, May 18, 2009
In the past few weeks I have spoken to a number of companies about IT security, and a familiar theme has emerged – too many companies lack a sound framework for overall IT security. Instead, many companies are overly focused on completing a checklist – firewall, encryption, PCI compliance.
Lax Web Site Security: The Site Owner’s Responsibility
Tuesday, June 02, 2009
SQL injection vulnerabilities have been around for a long time, and web site managers are, or should be, very familiar with them. A SQL injection is the insertion of malicious code that can exploit a vulnerability in the database layer of a web application. A thorough explanation of SQL injection can be found on Wikipedia.
Implement, educate and enforce strict Social Media usage policies – in that order
Thursday, August 06, 2009
For several years I have championed for organizations of all sizes and industries to review and update their IT security policies - while simultaneously imploring companies to implement policies when none exist. If the proliferation of compliance and regulatory requirements still has not convinced you to take IT policy and procedure seriously, then prepare for Web 2.0 to force it upon you!
Boston’s Missing Email Case Has Many People Asking Questions about Digital Forensics
Wednesday, September 16, 2009
On September 14, Massachusetts Secretary of State William Galvin ordered the city of Boston to seize computers and software used by Mayor Menino’s aide, Michael J. Kineavy. Under question is whether Kineavy may have violated state law by deleting emails. According to the news articles, Kineavy deleted emails from his inbox and trash folder every day, possibly before the city’s systems made a backup. Alan N. Cote, head of the public records division in Galvin’s office, ordered the city to hire “a qualified independent and competent technology expert to employ all reasonable means of recovering and restoring the missing records”.
Don’t Put off Until Tomorrow…
Thursday, September 24, 2009
The third extension for MA CMR 17 has me thinking of one of my grandmother’s favorite sayings: “don’t put off until tomorrow what you can do today.” As we all know, Massachusetts again extended the deadline for CMR 17 compliance to March 1, 2010 from January. While it’s human nature to see the extension as an opportunity to table compliance projects until the New Year, I caution against that.
Improving Vulnerability and Patch Management
Thursday, October 15, 2009
If you are a resource administrator, then you probably spend too much time responding to new vulnerability reports and patching systems. For the security folks, you probably spend too much of your time tracking down the status on remediation and trying to qualify new vulnerability notifications. So how can we manage this better?
Ensuring Security in the Virtualized Environment
Friday, January 08, 2010
With virtualization more and more prevalent in your IT infrastructure, this is a good time to ensure your virtualized environment is meeting the same high standards for security that you have set for your non-virtual infrastructure.
Your Workers are Surfing While Snacking on a Big Mac - Time to Revisit Managing Your End-Point.
Wednesday, January 13, 2010
The availability of wireless networks has proliferated in our society to the point where even at your neighborhood McDonald’s you can get online. 27 million people eat at one of McDonald’s 30,000 restaurants per day, so chances are high someone on your team will connect in from McDonald’s often. With this increased Wi-Fi availability come greater requirements for organizations to secure and protect the end-point.
