As virtualization adoption grows, organizations are becoming more attuned to the need to properly configure and lock down virtualization. Virtualization is a complex technology with many facets, and there are numerous types of controls that can be implemented to secure these assets. Most security teams are still developing internal policies and processes to define how virtual infrastructure should be enabled and maintained.Read More
Published on 01/28/15 06:28PM
Published on 01/22/15 04:17PM
As frustrating as it can be for IT leaders and CISOs to struggle with a lack of respect from a CEO and the rest of the C-suite, in many ways they need to look in the mirror to place blame for that situation. As we've discussed in the past here at Business Insights, a lot of the respect issue comes down to ineffective communication.Read More
Published on 01/20/15 05:53PM
When it comes to security vulnerabilities and threats, you might not think about the media and entertainment industry in the same way you’d consider, say, financial services, healthcare and retail. Companies in these latter industries handle a lot of personally identifiable customer information or present potentially attractive financial targets for hackers.Read More
Published on 01/16/15 03:30PM
Back to work, people! It's time for CISOs to dust the holiday cookie crumbs from their lips and stop rubbernecking the proverbial car crash that was the Sony incident. As 2015 kicks off, it’s the perfect time to reevaluate plans and priorities, and maybe even engage in a bit of wishful thinking. As security and risk management professionals start the year, the following items are most likely to hit their wish list for the coming 12 months.Read More
Published on 01/14/15 03:30PM
In my last post, I explored the idea of improving information security with virtualization technology, namely in the areas of inventory and configuration management. These are likely the most visible and applicable places for “crossover” improvement, affecting both security and IT operations.Read More
Published on 01/12/15 03:46PM
Last year's non-stop parade of breaches showed CEOs and boards how detrimental a lack in security investment can really be to an enterprise's health, let alone their own job security. After all, last year saw the dismissal of Target's CEO following that company's disastrous breach—one of the first very big public firings of a chief executive in the wake of a security incident. And just last month Sony Picture's disastrous hack and subsequent release of sensitive emails to and from executives showed the personal consequences to executives when enterprises don't invest in security—for example, the incident greatly tarnished the personal reputation of studio co-chair Amy Pascal.Read More
Published on 01/07/15 04:00PM
When you hear about the types of organizations that make it a high priority to build a strong information security strategy, healthcare institutions often come up. And why shouldn’t they?
Keeping patients’ data secure and private is vital to maintaining their trust, and it’s also mandated by regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act.Read More
Published on 01/05/15 03:30PM
It is no secret virtualization technology is changing the datacenter landscape. The agility, flexibility, and overall operational benefits are myriad, and conversations about the return on investment in virtualization have, for the most part, long-since been concluded. However, as with many wide changes in computing, conversations about security implications tend to lag behind. For security professionals, increasing agility can also mean introducing new areas of concern; agility can create fragility.Read More
Published on 12/29/14 04:00PM
The news these days in security is mostly “doom and gloom”. Just consulting a site like DatalossDB.org is enough to depress even the most hardened security professional. However, there are technology advances happening all around us - some which may lead to new security issues, and others that may help security teams out enormously.
I’m willing to argue that virtualization technology falls into the latter category on most counts. Sure, there are flaws in virtualization software, and new attack vectors (the hypervisor, management tools, etc.).Read More
Published on 12/24/14 03:30PM
Transportation is one of those industries that affects everyone in the world just about every day of the year. It encompasses motor vehicles, roadways, bridges and tunnels; planes and airports; trains, tracks and stations; boats, ships and ports—basically any entity that helps get people and things from point A to point B or beyond.
So it goes without saying that ensuring the security of systems, networks, applications and data that support or maintain the transportation infrastructure in any way is critical to the protection of individuals and the well being of society.Read More