Crypto Management – PKI, Certificate Management and other Crypto Challenges
Cryptographic controls are at the forefront of protecting information, but such controls require appropriate implementation, application and oversight (governance). Such controls may be implemented to ensure the confidentiality or integrity of data in an effort to be consistent with leading information security practices; however, many organizations are obligated to comply with industry regulations, state laws or […]
Data Loss Prevention – Overcoming Implementation Challenges
Since the wave of Data Loss Prevention solutions hit the marketplace in the mid-2000s, the concept of DLP has gained considerable traction throughout various industries. Further, several early-market DLP products have been integrated into broader enterprise solutions by large technology providers, contributing to marketability, adoption, support and implementation effectiveness. While adoption has […]
Law and Information Security: The Intersection of Law and IT
The Information Security and Legal Teams within organizations are working hand-in-hand more than ever before. The opportunities for interaction and collaboration are growing as data volumes, data complexity, and data types increase and mobile and personal devices proliferate across the enterprise. Digital information has major security ramifications around usage, access, protection, and privacy. This increased […]
Application Security – Pulling it Together
The need for integration of application security best practices is evidenced by today’s headlines. Injections, business logic flaws and failures to implement the most basic of security controls contribute to the compromise of not only corporate sites and data, but for some organizations, the relentless attention of global computer hacktivists and media outlets alike. Most […]
May Madness: Privacy, Legal and Regulatory
The initial panic associated with the need to comply with privacy and information security regulations has subsided as organizations have evolved policies and practices to ensure compliance with laws. The focus has been on what organizations “cannot do” with data. Moving ahead, organizations are looking to determine what they in fact “can do” with the […]