fbpx
 

Blog

Blog

Who’s doing what with your data – need for an identity management system and auditing
Sam AlapatiAccess management, Database security, DSS (Data Security Standard), Identity management, IT SecurityLeave a Comment on Who’s doing what with your data – need for an identity management system and auditing

The sensational revelations of the inside action of international diplomacy are still being revealed by WikiLeaks, which has access to a stash of about a quarter million of secret diplomatic messages between the State department and the U.S. embassies around the world. Of course, the revelations caused a red faced State department to fulminate about violations of national security by Wikileaks. The State department has just unveiled the cloak of mystery regarding exactly how the secret messages were accessed and […]

Breach Notification Laws
Scott D. RosenbergHIPAA, IT Security, Security AssessmentsLeave a Comment on Breach Notification Laws

Data breach notification laws require companies to implement formal data breach notification polices that cover the procedures for incident reporting and external breach notification. Except just four states – Alabama, Kentucky, New Mexico and South Dakota, every state in the U.S. has passed a breach notification law in the recent past, following the lead of California’s landmark breach disclosure law in 2003. . Breach notification laws require companies to notify their customers about security breaches that involve personal information. Of […]

Web Application Vulnerabilities – way too common!
Sam AlapatiCenter of Internet Security (CIS), Database security, DSS (Data Security Standard), IT Security, Security RiskLeave a Comment on Web Application Vulnerabilities – way too common!

Web applications are common to practically every company that uses the internet. Even if a company uses the well-known Secure Sockets Layer (SSL) and utilizes sophisticated firewall protection, the very fact that it can’t control what users can input into their web forms, introduces several avenues that a malicious person can use to attack the company’s data. Top web application researcher and practitioner Dafydd Studdard and his colleagues have tested thousands of web applications for security assessments over the years. […]

In Archive