You are viewing 'risk assessment'
Several Penetration Testing assessments that I’ve worked on lately, as a Security Consultant for Solutionary Professional Security Services, have really made me think about the challenges organizations face within corporate information security programs. Recently, the biggest issue I’ve seen has to do with risk management, legacy applications, and network protocols that assist users requesting resources on the network or Internet. I’ve been finding a specific vulnerability that should not exist on any network, even those supporting legacy applications. It seems that alternative solutions for supporting those applications, however, may be pretty scarce.
So what can a business do to mitigate the risk associated with supporting legacy applications until those applications can be upgraded? In order to answer this question, let’s first look at a recent assessment...
Is it Contagious?
Would you even be aware if you were? Health care data breaches are just a small percentage of data breaches reported in the past year. However, health care data breaches can affect their victims way more than other breaches – such as the high-profile retail data breaches we constantly see in the news. So why are health care data breaches different?
Health data is what sets health care data breaches apart from other data breaches. Unlike retail system breaches where the information stolen is mostly limited to credit card data, health data can contain birth dates, policy numbers, diagnosis codes, billing information and potentially very sensitive personal information. The stolen information can be used to create fake identities to illegally obtain prescription drugs or buy medical supplies and equipment that can be resold. Patient information can be combined...
Applying Real-World Security to the Digital World
Chickens need security too.
Yes, you read this correctly and you do not need glasses. Chickens need security too! As a country person, I have spent some time doing risk assessments, penetration testing and tabletop exercises - for a flock of chickens. Some of the lessons learned from protecting a flock of chickens desperately need to be adopted by those working in network security today.
Think of the chicken for just a moment. A chicken is a defenseless bird, preyed on by many different types of predators. They need protection. When raising chickens, a person must take this into account or their flock of chickens isn’t going to last long. There are foxes on the prowl that would love to have a nice, fresh chicken dinner. These foxes are smart – they can find and exploit the smallest hole in the fence or wall (and then all you have left are some chicken feathers)....
Why Organizations are Failing to Secure Their Data
Solutionary, as a Managed Security Services Provider (MSSP), not only has insight into the types of events that occur in our clients' environments, but also sees how the CSOs, CISOs, and CIOs responsible for protecting those assets respond. From our unique position, we are able to evaluate what works for different organizations and what doesn’t.
We are able to observe how these leaders approach data and asset protection from a very operational perspective. Seeing these different approaches on a day-to-day basis gives us a unique understanding of what technologies and roadmaps actually work and, just as importantly, which do not.
One consistent observation is clear: “If you do not plan it, it will not happen, or it will not happen with great success.”
What do I mean?
One of the greatest failures we see is that organizations do not realize that securing their data requires both tactical...
Getting Started and Assessing Risk
In the past, I’ve had a tendency to write very verbose posts that end up tediously long. I can’t change that. I’m detail-oriented, and admit I’m a bit (a lot) anal retentive. For this blog, I’m going to try something new. Rather than release a 4,800-word blog, I’m going to break it out into a series of weekly posts for seven consecutive weeks. This is week one.
In an effort to expand on my previous physical security-related blogs (e.g., A Quick Physical Security Checklist, Physical Security – Is enough really too much?, and Why Not Improve Physical Security Controls at Schools?), this one will address lobby security and a few other related items.
I will not be addressing retail businesses, as each...