Tag: ARTICLE
When crisis strikes your business, what can you do? As you try to pick up the pieces, at some point your mind would likely turn to the fantasy of bringing in an accomplished executive with extensive experience in the exact type of crisis your business is experiencing, just long enough to get you through it. That’s no fantasy, though. Such an option exists.
It’s called Interim Management, and it’s one of the latest forms of troubleshooting management techniques to emerge in recent years. While similar to bringing in a management consultant, it has striking advantages that can help your business...
Social engineering doesn't have to be just a supporting process to obtain system access; it could be even more dangerous when it is used as the main attack. We, information security defenders, rarely consider that risk.
If you think Social Engineering is an effective way to obtain access to systems by exploiting the weakest link – people – you are correct.
But not completely correct. Social engineering could be much more than what is being discussed in the media or in social engineering awareness sessions.
Social Engineering is the most effective way to: obtain information. It’s a subtle difference, but one...
There is a new danger lurking in the information assets of countless organizations around the globe disguised by a plan devised to protect a large portion of those assets while failing miserably to protect the rest.
Zero tolerance approach to cyber security is untenable
The traditional approach to cyber security was for a board / management to declare that they have “zero tolerance” for cyber breaches, and for the first line to erect barriers and try to control access to any outsiders.
That approach is untenable today. Cyber criminals have demonstrated that our perimeter protections are not sufficient. Customers voted for ease of access...
Information security and IT security are often used interchangeably, even among InfoSec professionals. The terms are interrelated and often share the common goals of protecting the confidentiality, integrity and availability of information; however, there are significant differences between them.
IT security is only concerned with the systems that store, process, transfer and make available electronic data.
Information security goes far beyond that. It encompasses classification of information across an organization, information security policies and procedures, physical security aspects, legal protections, HR, awareness, and retention of information, regardless of information format, even when the information is on paper or in employees’ heads.
Examples...