Risk Management

Network Security

Issued by: Help Net Security

Addressing pain points in governance, risk and compliance

In this day and age, it seems as though every business has some form of alphabet soup or acronym salad that shapes the decisions they make as it pertains to their information security programs. Between data privacy laws, regulations on the financial industry, calls for a healthcare focused cybersecurity framework, and regular updates to the…

Network Security, Software Security

Issued by: Security Week

Can the World Economic Forum’s Cyber Security Principles Advance Cyber Resilience?

A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.” It is touted as a first-of-its-kind resource to support board of directors and CEOs on cyber security and cyber resilience strategy. The WEF’s principles and tools…

Vulnerabilities

Issued by: Security Week

Hard Drive LED Allows Data Theft From Air-Gapped PCs

Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs). Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from…

Malware & Threats

Issued by: Security Week

Simulation Shows Threat of Ransomware Attacks on ICS

Researchers at the Georgia Institute of Technology have demonstrated the potential impact of ransomware on industrial control systems (ICS) by simulating an attack aimed at a water treatment plant. David Formby, a Ph.D. student in the Georgia Tech School of Electrical and Computer Engineering, and his faculty advisor, Raheem Beyah, identified several commonly used programmable…

Network Security

Issued by: Security Intelligence

HIPAA Settlements of 2016: Lessons Learned

Over the course of 2016, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached many resolution agreements with a number of covered entities and business associates for violation of the Health Insurance Portability and Accountability Act (HIPAA). These HIPAA settlements are mutually agreed-upon resolutions between HHS and the offending…

Malware & Threats

Issued by: Security Intelligence

Avoiding Threat Management Rookie Mistakes

What do a Finnish HVAC company and an American car dealership have in common? Both have been doing a poor job running their computer systems and, as a result, both experienced embarrassing threat management blunders. Valtia is the property manager of two apartment buildings in the city of Lappeenranta in eastern Finland. Meanwhile, the car…

Network Security

Issued by: Security Intelligence

Real-Time Payments, Real-Time Fraud Risks?

Real-time payments, near real-time payments, faster payments, immediate payments — those are just some names used to describe the increasing speed of the settlement transaction process. Slow clearing times for payments can have a negative effect on businesses and consumers, but a quicker process may introduce fraud risks. The National Automated Clearing House Association (NACHA)…