Archive for the 'Security' Category

Page 3 of 4

Data Protection – Not Always a Slam Dunk

It’s March Madness time, one of my favorite times of year. Maybe it’s playing college basketball brackets with friends and co-workers that has me thinking of infrastructure strategy in basketball terms. But anyway, it occurs to me that while backup and recovery isn’t sexy, it is critical — and not always a slam dunk.

Continue reading ‘Data Protection – Not Always a Slam Dunk’

Comparing Managed Service Providers – Full Service versus Service Ready

Managed services and compliance as a service: Service SignOne component of selling Layered Tech’s managed services is dealing with the competitive comparison issue, as prospective clients attempt to determine which service provider is the best fit for their IT management needs. The need to compare Layered Tech to our competition is understandable, but the breadth of our available capabilities makes direct comparisons difficult.

Continue reading ‘Comparing Managed Service Providers – Full Service versus Service Ready’

Hospital Data Breaches

Earlier this month, Lisa Vaas published an article on the Naked Security web site on the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security funded by ID Experts.  Ms. Vaas did a good job of summarizing the most significant finding in the report, that of increase of data breaches over the past three years are due mainly to a lack of secure devices and staff negligence (see graph from report below).

Data Breach Graph

Continue reading ‘Hospital Data Breaches’

Security as a Subset of Risk Management

What does Risk Management mean to you?  If you have read my blog you know that I focus on topics like Security or Compliance.  You may have noticed, as well, that my title is Chief Risk Officer and you may have wondered how this fits together.  Compliance cannot exist without the appropriate controls (security) in place.  Moreover, Risk Management can be said to be the art of balancing the value of the cost of a control versus the value of the benefit derived from the control.

Continue reading ‘Security as a Subset of Risk Management’

The Payment Processing Chain – Holistic Risk Management

ATM keypadA lot of people in the credit card industry focus on the compliance and security component of the payment processing chain that they control.  This is expected and is the right thing to do.  Most people do not have an appreciation of the steps needed for a successful transaction.  Some merchants, cards and banks could have varying processes but most transactions involve, at a minimum, a consumer, a merchant, a payment gateway or processor, the card brand and the bank issuing the card.  In order for a transaction to complete, the reverse path is taken to validate the transaction.  Add in credits, refunds and loyalty programs and that’s a lot of moving parts in a system that appears to act instantaneously.  The system works well and we all depend on that.
Continue reading ‘The Payment Processing Chain – Holistic Risk Management’

Holiday Security – Manage Your Risks

Credit CardsWelcome to the holiday season!  Along with the holiday cheer, parties, presents and spending come some risks of which we should all be aware.  Situational Awareness is a phrase that some might not recognize.  Situational Awareness entails being aware of your surroundings and environment and adapting your behaviors to address the risks being presented.

Continue reading ‘Holiday Security – Manage Your Risks’

How Much is Your Data Worth?

online shoppingEveryone knows that a lot of information about each of us is floating around various segments of the internet.  The prevalence of online shopping, social media and portable computing has made us comfortable with this and in many ways that is a good thing for commerce, society and individuals.  Many of us feel very confident in the controls that exist to protect data about us and in most cases that confidence is well founded.
Continue reading ‘How Much is Your Data Worth?’

Cost of Data Breach Review

Cost of BreachRecognition of information security responsibility is reducing costs of breaches.

From time to time I look over the Ponemon Institute reports related to data breach costs to get a feel for the business value of securing data.  After reading the most recent Ponemon Institute report, I want to talk about the interesting executive summary highlights.

Continue reading ‘Cost of Data Breach Review’

ConSec ’12 Recap

ConSec '12 Consumerization of IT – Are You Keeping Pace?Earlier this month, I attended ConSec ’12 Consumerization of IT – Are You Keeping Pace? in Austin, TX.  This year marks the tenth bi-annual gathering and it was a three-day event that offered attendees a choice of one of four optional workshops followed by two full days of sessions in three tracks.  This regional conference targets attendees from Texas and the four surrounding states.  Vendors were clearly visible in the exhibit area.  The uniqueness that helps contribute to the continuing success of this conference is the hosting.  Volunteers from four organizations act as planners, schedulers, marketers, logistics experts and hosts.
Continue reading ‘ConSec ’12 Recap’

Facing the Facts: How to Avoid Cloud Security Risks

Cloud Security RisksDespite increasing adoption in cloud computing, many companies are still hesitant about making the leap to the cloud due to concerns about security. In fact, a recent cloud computing survey revealed that security and compliance are the top inhibitors for cloud adoption.

Continue reading ‘Facing the Facts: How to Avoid Cloud Security Risks’