You are viewing 'risk assessment'

Mitigating Legacy Application Risks

#WarStoryWednesday

Michael Born

January 06, 2016 - Posted by Michael Born to Security Insight

Protection

Several Penetration Testing assessments that I’ve worked on lately, as a Security Consultant for Solutionary Professional Security Services, have really made me think about the challenges organizations face within corporate information security programs. Recently, the biggest issue I’ve seen has to do with risk management, legacy applications, and network protocols that assist users requesting resources on the network or Internet. I’ve been finding a specific vulnerability that should not exist on any network, even those supporting legacy applications. It seems that alternative solutions for supporting those applications, however, may be pretty scarce.

So what can a business do to mitigate the risk associated with supporting legacy applications until those applications can be upgraded? In order to answer this question, let’s first look at a recent assessment... read more >

Medical Identity Theft

Is it Contagious?

Michelle Johnston

May 19, 2015 - Posted by Michelle Johnston to Security Insight

Health Care Data Breaches Are you one of the 1 of 4 million Americans affected by a recent health care data breach?

Would you even be aware if you were? Health care data breaches are just a small percentage of data breaches reported in the past year. However, health care data breaches can affect its victims way more than other breaches – such as the high profile retail data breaches we constantly see in the news. So why are health care data breaches different? 

Health data is what sets health care data breaches apart from other data breaches. Unlike retail system breaches where the information stolen is mostly limited to credit card data, health data can contain birth dates, policy numbers, diagnosis codes, billing information and potentially very sensitive personal information. The stolen information can be used to create fake identities to illegally obtain prescription drugs or buy medical supplies and equipment that can be resold. Patient information can be combined... read more >

Chickens Need Security Too!

Applying Real-World Security to the Digital World

David Biser

May 14, 2015 - Posted by David Biser to Security Insight

Fox and the Henhouse

Chickens need security too.

Yes, you read this correctly and you do not need glasses, Chickens need security too!  As a country person, I have spent some time doing risk assessments, penetration testing and tabletop exercises - for a flock of chickens. Some of the lessons learned from protecting a flock of chickens, desperately need to be adopted by those working in network security today.

Think of the chicken for just a moment. A chicken is a defenseless bird, preyed on by many different types of predators. They need protection. When raising chickens, a person must take this into account or their flock of chickens isn’t going to last long. There are foxes on the prowl that would love to have a nice, fresh chicken dinner. These foxes are smart – they can find and exploit the smallest hole in the fence or wall (and then all you have left are some chicken feathers).... read more >

Three Steps to Help Change the Security Paradigm

Why Organizations are Failing to Secure Their Data

Rob Kraus

April 09, 2015 - Posted by Rob Kraus to Security Insight

Solutionary, as a Managed Security Services Provider (MSSP), not only has insight into the types of events that occur in our clients' environments, but also sees how the CSOs, CISOs, and CIOs responsible for protecting those assets respond. From our unique position, we are able to evaluate what works for different organizations and what doesn’t. 

We are able to observe how these leaders approach data and asset protection from a very operational perspective. Seeing these different approaches on a day-to-day basis gives us a unique understanding of what technologies and roadmaps actually work and, just as importantly, which do not. 

One consistent observation is clear, “if you do not plan it, it will not happen, or it will not happen with great success.”

What do I mean?

One of the greatest failures we see is that organizations do not realize that securing their data requires both tactical... read more >

Lobby Security and Beyond – Week One of Seven

Getting Started and Assessing Risk

Brad Curtis

March 17, 2015 - Posted by Brad Curtis to Security Insight

Lobby Security Desk

In the past, I’ve had a tendency to write very verbose posts that end up tediously long. I can’t change that. I’m detail-oriented, and admit I’m a bit (a lot) anal retentive. For this blog, I’m going to try something new. Rather than release a 4,800-word blog, I’m going to break it out into a series of weekly posts for seven consecutive weeks. This is week one.

In an effort to expand on my previous physical security-related blogs (e.g., A Quick Physical Security Checklist, Physical Security – Is enough really too much?,  and  Why Not Improve Physical Security Controls at Schools?), this one will address lobby security and a few other related items.

Overview

I will not be addressing retail businesses, as each... read more >

1 | 2 | 3 | 4 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS