Budgeting for security breaches
By Ephraim Schwartz, InfoWorld
Polar Cove's Bruce Eissner is quoted in this article, which discusses the
financial consequences of losing customer data.

Data Security Bill Sparks Privacy, Technological Concerns
By Jennifer LeClaire, E-Commerce Times
Polar Cove's Bruce Eissner is quoted in this article, which summarizes some
of the privacy and technology concerns associated with the government's
approval of the Financial Data Protection Act of 2005.

Securing Mobile Devices and Removable Media
[ HTML ] | [ PDF ]
By Michael Terban, CISSP, SSCP, HIPAA Security
Mobile computing devices and removable media, all of which can hold sensitive
data, are more than conveniences. For many companies they have become
essential operating tools, and because they are so important they have also
become ubiquitous. Yet the same devices present a significant and distinctive
risk to the confidentiality of data: once data leaves the building on a
laptop, a handheld or a USB drive, the controls that protect it on the
corporate network no longer apply. For businesses they are a mixed blessing.

Reframing the Insider Threat
[ HTML ] | [ PDF ]
By Eugene Tyrrell, CISSP
External attacks (hacker exploits, bot attacks and virus outbreaks) make
sensational headlines, and they are undeniably significant and real threats.
The threat from insiders, however, is equally significant, costly and real.
In this paper we explore the insider threat, reframe the traditional concept
of the insider, and present some no-nonsense, cost-effective ways to
mitigate the threats insiders pose.

SAS 70: Proven Approaches for Mid-Sized Organizations
[ HTML ] | [ PDF ]
By Philip Cronin, CISSP, Eugene Tyrrell, CISSP, and Bruce Eissner
SAS 70 examinations are challenging for mid-sized organizations, but a SAS 70
exercise can also produce significant opportunities, provided it is approached
with the proper perspective and methodology. This paper explores both the
benefits and the challenges that a SAS 70 examination can bring to mid-sized
organizations.

Penalties and dangers for improper controls continue to rise - a brief report.
[ HTML ] | [ PDF ]
By Michael Terban, CISSP, SSCP, HIPAA Security
Rising costs attributed to the loss of private information reinforce the case
for proper controls at companies that hold customers' private data.

SAS 70 Frequently Asked Questions
[ HTML ] | [ PDF ]
By Eugene T. Tyrrell, CISSP
What is a SAS 70 examination? Is this a new standard? How has Sarbanes-Oxley
affected the demand for SAS 70 examinations? Can you explain the process at
the 50,000-foot level? What is the difference between a SAS 70 Report and a
Service Auditor’s Report?

IT Security Benchmarking – Compare yes, but insist on hard data too.
[ HTML ] | [ PDF ]
By Philip M. Cronin, CISSP, and Bruce Eissner
Benchmarking techniques can provide a meaningful evaluation of a company’s IT
security. While compliance tells a company what it must do, benchmarking can
indicate what it ought to do. Selecting the right mix of objective
measurements, comparative targets and hard data yields measures of IT
security that a compliance checklist alone cannot. This paper discusses how
management can design such an approach and apply the results.

IT Security Awareness in Finance – “People are the weak link”
[ HTML ] | [ PDF ]
By Philip M. Cronin, CISSP, and Bruce Eissner
Technical improvements, but…
There have been dramatic improvements in IT security technology in the last
few years. IT security experts point to a substantial list of technological
innovations that includes Intrusion Detection and Prevention Systems;
End-point Security Policy Enforcement/Quarantine; Biometrics; Centralized
Security Management (in-house or outsourced); Computer Forensic Technology;
Inbound/Outbound Content Management; and more.

Understanding the Many Benefits of a SAS 70
[ HTML ] | [ PDF ]
By Philip M. Cronin, CISSP, and Bruce Eissner
In this paper we describe how a SAS 70 may be a requirement for serving many
customers, but ultimately the SAS 70 can benefit the service provider too.

SAS 70 Overview and Planning Guide
[ HTML ] | [ PDF ]
By Philip M. Cronin, CISSP, and Bruce Eissner
More companies need to provide SAS 70 reports: Recently there has been a
substantial increase in the need for SAS 70 reports. Much of this need is
driven by the requirements of the Sarbanes-Oxley Act of 2002. Sarbanes-Oxley
(SOX) now requires publicly traded companies (SEC registrants) to attest to
the design and operating effectiveness of their internal controls over
financial reporting, and a service provider's SAS 70 report is how a
registrant obtains assurance over the controls it has outsourced.

Polar Cove’s Experience in Sarbanes-Oxley Sec. 404 – A Roadmap
[ HTML ] | [ PDF ]
By Philip M. Cronin, CISSP
SOX has changed the landscape: The Sarbanes-Oxley Act (SOX) applies directly
to companies listed on the US stock exchanges, but it sets a standard for any
company that may go public or that might be acquired by a public company. SOX
rules bear heavily on IT assessment itself as well as on management oversight
of all IT control systems that support external financial disclosures.

Detecting Wireless LAN MAC Address Spoofing
[ HTML ] | [ PDF ]
By Joshua Wright, GCIH, CCNA
This paper describes some of the techniques attackers use to disrupt wireless
networks through MAC address spoofing, demonstrated with captured traffic
generated by the AirJack, FakeAP and Wellenreiter tools. Through analysis of
these traces, the author identifies techniques that can be employed to detect
applications that are using spoofed MAC addresses.

Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection
[ HTML ] | [ PDF ]
By Joshua Wright, GCIH, CCNA
This paper reviews some of the tactics used in wireless LAN network discovery
and identifies some of the fingerprints left by wireless LAN discovery
applications, focusing on the MAC and LLC layers. This fingerprint
information can then be incorporated into intrusion detection tools capable
of analyzing data-link layer traffic.

Security Should be part of Business Continuity Planning
[ HTML ] | [ PDF ]
By Polar Cove Staff
A security consultant typically wants to know a few things at the beginning
of an engagement: What does the network look like? What are the critical
business processes? Where is the critical data? The critical processes and
data are what the consultant should try hardest to protect, and they are the
same things a business continuity plan exists to keep running.

Securing Your Most Valuable Asset
[ HTML ] | [ PDF ]
By Dale Cover
When developing a security plan, securing your company's data should be a key
focal point. However, this is often overlooked because evaluating security
threats is very complex, given the growing number of interconnected systems
and network paths.

Hack Proofing Your Web Servers
[ HTML ] | [ PDF ]
By Erik Petersen
Most people think firewalls are all they need to secure their IT investment.
Firewalls are very important, but they are just one piece of the overall
security picture: a firewall has to let web traffic through, so it cannot
protect a web server from attacks carried inside that traffic.

MSN Instant Messenger Vulnerability
[ HTML ] | [ PDF ]
By Seyha Phul
Instant messaging is a great way for friends and family to communicate in
real time over the internet. It is also a great way for malicious hackers to
take control of your computer, thanks to a vulnerability found in the MSN
Chat control.

Protecting Against SQL Injections
[ HTML ] | [ PDF ]
By Dale Cover
Building dynamic SQL queries by embedding user input in the query text is
common in many web-based applications. It is a quick and easy way to add
flexibility to an application without having to manage static queries and
stored procedures. However, if the input is not kept separate from the SQL
syntax, an attacker can supply quote characters and SQL fragments of their
own, turning the query into one the developer never intended and opening the
database to malicious behavior.
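The following is an added example, not code from the Polar Cove paper: it puts an injectable dynamic query beside its parameterized form and runs the same login-bypass input through both. It uses Python's standard-library sqlite3 module with a constructed in-memory users table (the table, rows and function names are assumptions for illustration). It also covers the case parameters cannot handle, a dynamic ORDER BY column, where an allow-list is the fix.

```python
"""Added example (not from the original page): dynamic SQL built by string
formatting versus a parameterized query, exercised against a constructed
in-memory SQLite database.  sqlite3 is standard library, so this runs offline."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build the constructed sample database (not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The classic mistake: untrusted input is spliced into the SQL text, so
    a quote character in the input ends the literal and the rest is parsed
    as SQL.  Password "' OR '1'='1" turns the WHERE clause into
    (username = 'x' AND password = '') OR '1'='1', which matches every row."""
    sql = (
        "SELECT username, role FROM users WHERE username = '%s' "
        "AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Placeholders send the values to the driver separately from the SQL
    text.  User input is never parsed as SQL, so quotes in it are just
    characters to compare against, and the same payload matches nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Identifiers (table and column names) cannot be bound as parameters, so a
# dynamic ORDER BY still has to be interpolated.  The fix there is to accept
# only values from a fixed allow-list before they touch the query text.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_by):
    """Dynamic ORDER BY guarded by an allow-list rather than by escaping."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (sort_by,))
    sql = "SELECT username FROM users ORDER BY %s" % sort_by
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # attacker-supplied password field
    print("vulnerable, legitimate :", login_vulnerable(db, "alice", "s3cret"))
    print("vulnerable, injected   :", login_vulnerable(db, "nobody", payload))
    print("parameterized, injected:", login_parameterized(db, "nobody", payload))
    print("sorted by username     :", list_users_sorted(db, "username"))
```

Run it and the vulnerable query returns both users for a password the attacker never knew, while the parameterized query returns no rows for the same input. Note that the bypass needs no stacked statement or comment trick; a single quote is enough, which is why escaping individual characters is a weaker defence than keeping data out of the query text altogether.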

Security is not a Product You Buy
[ HTML ] | [ PDF ]
By Erik Petersen
One of the most common management mistakes regarding security is to think
that security is a product you buy. Corporations know they must spend money
to secure their information assets, but they often misspend it on a hodgepodge
of security products, leaving gaping holes for hackers and insiders to walk
right through.
