Backblog

By Chris Hartley

Cloud Computing and SaaS

Clouds are mysterious. They come in a variety of shapes, sizes, consistencies and architectures. I like clouds; however, I am not sure I want my data floating about in one any more than is necessary. Cloud Computing is not my forte however;...

August 24, 2010
By Chris Hartley

Secure Code: SDLC and Security Are Not Mutually Exclusive

Software is an essential, non-negotiable aspect of everything we experience in our daily lives. It is a technological parallel of water to the biological realm. All things within the worlds that govern the use and application of either software or...

August 9, 2010
By Steve Fuller

Skype Security Risks for the Enterprise, Part 1

Recently, I have had a number of questions from clients about the use of Skype in the Enterprise and the security risks that it presents. While Skype is not new, I believe this represents exactly the type of question that IT security will be...

August 2, 2010 IM, P2P, Policy, Skype, VOIP
By Chris Hartley

The Ideology of Payment Security

I thought I would cover a topic I spend a lot of time dealing with and discussing, online payment security and ecommerce. Payment security, in particular PCI, tends to be a controversial and religious topic among security professionals. If you ever...

July 28, 2010 Compliance, PCI
By Chris Hartley

Threat Modeling

For most of us, the concept of Threat Modeling takes on different meanings based upon our experiences, areas of expertise, areas of interest and comprehension of what constitutes and is defined as a threat by industry and by ourselves. For man,...

July 27, 2010 Risk Management
By Chris Hartley

Addressing Risk Management Aversion

When I think of information security in the broadest sense, I immediately think of managing and mitigating risk. I know of no more appropriate way in which to view our discipline and have for years and years (largely due to my diverse background...

July 23, 2010 Risk Management
By Chris Hartley

Seven Tips for Effective Incident Response Policies

Incident response (IR) has great value to IT security professionals. Each incident is unique, but there are some common policies that need to be in place for proper preparation of the response team and the corporate staff. Here are the top seven...

July 21, 2010 Incident Response, Policy, Risk Management
By Chris Hartley

It’s Time for Healthcare Organizations to Get Serious About HIPAA and HITECH

Earlier this year, Connecticut Attorney General Richard Blumenthal filed the first known HIPAA lawsuit at the state level. He filed against Health Net of Connecticut Inc. for allegedly failing to secure patients’ private records, including medical...

July 20, 2010 Compliance, Health Care
By Chris Hartley

With Experian EI3PA Security Program In Effect, How Soon Will Equifax and Transunion Follow Suit?

In the world of credit bureaus, we all know who the big 3 players are: Experian, Equifax, and Transunion. When Experian decided that they were going to implement their own security program for its resellers to follow, I was quite interested to see...

July 12, 2010 Compliance, EI3PA
By Christian

Anti-virus is a Poor Substitute for Common Sense

A new study about the (in)efficacy of anti-virus software in detecting the latest malware threats is a much-needed reminder that staying safe online is more about using your head than finding the right mix or brand of security software.

Last week,...

June 28, 2010