NIST sends out Preliminary Cybersecurity Framework RFC | HealthITSecurity.com.
In response to concerns about the increasing numbers of incidents with critical infrastructure a new or updated framework is being constructed to reduce risks. I am curious to see the updates for handling data and databases.
The 5 Causes of IAM Failure | FishNet Security.
My experience with IAM failure is from unrealistic expectations. Where original suggested design is too far from implemented design leading to unhappy customers and preventable outages. The cost on implement project plus outages and further implementations exceed early design by a wide margin. The get is in and we will fix it mentality vs lets look at end state build our roadmap to that.
Talking Data Security and Compliance » Security is a Business Imperative, Not an IT Task.
We cannot just bolt it an. It is a new way of thinking. For example, there is a generation of us that hold doors open for people. This thinking leads to “tailgating” thru a security point. A whole new way of thinking has to be adopted to prevent this. Everything else from having issues with a common system and asking to borrow a user-id and password to “just get it done”. Change is hard. Breaking bad habits when they are not thought of as bad or a security issue is going to be harder. BYOD should be very fun for classification of data and the issues it bring with that policy.
OUCH! Security Awareness Newsletter.
These are great tips and easy reading. A very easy way of updating business units in easy to read snippets.
Vodafone Iceland Björked after Turkish hacker pinches passwords • The Register.
These types of breaches will be every increasing as social engineering steps up putting together all the pieces.