CTR Exclusives

Data Governance Based on Roles and Responsibilities is Key to Avoiding Regulatory Risk

by Jonathan Sander

Data governance is critical to managing the availability, integrity and security of all data across the enterprise. Every organization must comply with today’s copious amounts of external regulations for handling data, and data governance is the discipline that helps the enterprise remain compliant and avoid regulatory risk. A data governance plan defines who is accountable for your unstructured data held in files, folders and shares across NTFS, NAS devices and SharePoint. It also establishes a set of controls and audit procedures that ensure compliance is continuous.

Along with establishing who is accountable for the data, a data governance plan defines the level of access for each of those data stewards. Ideally, this should be based on each employee’s role and responsibilities, and determined by the business stakeholders who have insight into who should have access to different sensitive data, and what kind of risk is posed by that access. The critical need to maintain regulatory compliance has changed the landscape for businesses today. In the past, business needed IT to perform a task, and, as long as the task was executed, nobody really cared how it was done. With today’s transparency and interconnectedness, businesses want governance and oversight to avoid potentially costly compliance breaches.


Anonymous Social Media for Healthcare

by M.K.

Recently, I was reading about an anonymous social media site focused on healthcare. It allows doctors and patients to share discussions about specific symptoms. Anonymously. Great idea. The world of social media is moving very fast toward more privacy and anonymity when it comes to sharing discussions on social networks. And that's the great thing about socialnumber.com, a site that allows anonymous discussions across any topic – healthcare, substance abuse, sex, spouses, bad bosses, global warming, politics – whether it's rebels against the Syrian government, dissenters of Chinese government, or Palestine/Israel supporters – religion and various other topics.

Ten Years After - Where Security Monitoring Still Falls Short: Part Two

by John Linkous

This article is the second in a two-part series. Read the first part here.

If you read the first half of this article and you’re a security professional who has experienced a major incident similar to the SQL Slammer worm infection that I detailed, then please accept my apology if I caused you a queasy stomach, a pounding headache or violent flashbacks. I promise that this half of the article will give you hope.

When we last left off, my team had successfully – if not immediately – eliminated SQL Slammer from my customer’s internal network. But we still had a problem: What would happen if this type of malicious code got into our environment again… or worse, if something more malignant made it into the network? While most worms and DDoS attacks are relatively benign in that they don’t usually have destructive payloads, that’s not always the case with malware, which might include potentially damaging components such as keyloggers or rootkits. In the grand scheme of things, we were lucky.

BYOD 2.0: Moving Beyond Mobile Device Management

by Peter Silva

BYOD has quickly transformed IT, offering a revolutionary way to support the mobile workforce. The first wave of BYOD featured Mobile Device Management (MDM) solutions that controlled the entire device. In the next wave, BYOD 2.0, control applies only to those apps necessary for business, enforcing corporate policy while maintaining personal privacy. A Mobile App Manager is a complete mobile application management platform built for BYOD 2.0.

BYOD Drivers
In 2013, the mobile workforce is expected to increase to 1.2 billion, a figure that will represent about 35 percent of the worldwide workforce, and many of those workers will be using their own devices.

IT's Jungle - Taming the Content Filtering False Positive Problem

by Bob Janacek

In an effort to safeguard sensitive information leaving an organization via email, many companies turn to content filtering of outbound mail. Unfortunately, technology in first-generation solutions uses a pattern-matching approach that often creates a large number of false positive alerts, flagging data that could otherwise be transmitted with no complications.

In some cases, an improperly flagged email might not reach its intended recipient. In other cases, the message might be encrypted, forcing the recipient to take additional steps to read its content. With either situation, a large number of content filtering false positives interrupts business and upsets employees, customers and clients. This compels some IT departments to turn off the filtering to appease their business managers.

This is no way to operate. Similar to the approach taken with other security efforts (such as when new products were first used for intrusion detection and prevention), companies need a content filtering solution that reduces false positives by using next-generation screening technology, such as exact matching. And they need to apply best practices when using these new screening technologies.


IT Security Journal