About Guest Contributor

Posts by Guest Contributor

Cyber criminals increasingly use advanced methods to implement attack vectors

European Union Agency for Network and Information Security (ENISA) recently launched their Mid-Year 2013 Threat Landscape report, a sneak peek into what’s to come in the full ENISA Threat Landscape report to be published before the end of 2013. The brief summary gives readers a bit of insight into the changes in trends since the 2012...


Making the Case for National Cyber Labs

Recently I received a most interesting link from a friend, about a tiny city that was actually a perfect working model of a real-life city built by the SANS Institute. It had real banking networks, power grid networks, public transit systems, a hospital, a military complex, you name it. It’s a fully decked out city in miniature. And the...


Amended COPPA Rules Expand Data Privacy Protections

Effective July 1, 2013, the amended Children’s Online Privacy Protection Act (COPPA) will take effect. In today’s world, as those of us in security and compliance know all too well, the same information that enables our business and moves our world quickly to the latest and greatest innovation, puts our private information and that of...


Bring Your Own Device - Or Was it Demise?

Much has been said recently about bring-your-own-device (BYOD). Some managers see BYOD as a cost-saving measure that also makes employees happy. On the face of it, BYOD sounds like a win-win. The organization doesn't need to spend as much on equipment. Employees get to use their shiny new devices that are a...


Trojans for the Bundestag: German Police Acquired Finfisher

In December of last year, the German public prosecutors’ office had declared that there was no legal basis for the use of the so-called “Bundestrojaner” spyware, which was used to spy on German citizens. On top of it being illegally used, it was also found to be of very poor quality after extensive research performed by the Chaos...


Individual Assessments Required with Criminal Background Checks Part 2

Last time, we chatted about the EEOC and their newer guidelines when it comes to screening potential new employees through the criminal background check process. This time, we will discuss what a company can do to help themselves be compliant with the EEOC guidelines. There are 3 things that a company can do to ensure that it follows the EEOC...


Individual Assessments Required with Criminal Background Checks Part 1

Human resource departments and hiring managers are being met with a new challenge when it comes to criminal background checks: individual assessments for the disqualification of a candidate based on their criminal background. Though the U.S. Equal Employment Opportunity Commission (EEOC) has not changed its position on these background checks, the...


Security: Let's Start with Education in 2013

Welcome to the new year. Welcome to 2013! What comes with the new year? Why, New Year's resolutions, of course. You might be looking to eat better, exercise more, or smoke less. Many CIOs will be making New Year's resolutions to improve system security. And while more complex passwords, intrusion detection systems, new firewalls, operating...


Santa Got Hacked: The Aftermath of a Breach Event

Last year the world witnessed one of the biggest data breaches in history when networks at the North Pole were compromised by a group of still unidentified hackers, which led to the disclosure of highly sensitive data: Santa's naughty list. This year we caught up with the company to see how that breach has affected them and subsequently...


HIPAA Privacy, Security, Enforcement, and Breach Notification Rules

The “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules” Notice of Proposed Rulemaking (NPRM) was initially published in July 2010. The Office of Management and Budget (OMB) received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules that had...


The History of Encryption

We always talk about the latest and greatest (or worst for that matter) of what is happening in our industry. But we don’t ever talk about how it all began. Since encryption is such an important part of infosecurity, let’s take a walk back through history. According to Wikipedia, encryption “has long been used by the military...


Two-Factor Authentication is Not What it Used to Be

Banking customers in Europe were recently ripped off for millions of Euros by a very sophisticated series of malicious compromises targeting users' computers and cell phones. In effect, two-factor authentication was defeated for about 30,000 customers at more than 30 different banks. This proves that with persistence,...


Countdown to Data Privacy Day – Top 10 Recommendations for Protecting Your Privacy

Data Privacy Day takes place annually on January 28 and is sponsored by the National Cyber Security Alliance, an organization focused on cyber security education. The purpose of Data Privacy Day is to serve as a reminder of the importance of protecting people’s privacy and maintaining control of their digital footprints. As stored data...


The Dutch, the Yanks, the Cloud and YOU

Recently a research project by the Amsterdam University [PDF Alert] revealed that US law allows for the US government to access information stored in the Cloud, by (ab)using the PATRIOT Act. Multiple Dutch politicians have started asking questions of state secretary Teeven of the Justice Department as to whether he knew about this before the...
