Data Breaches at Colleges and Universities

IT staff at educational institutions face high user turnover, the constant reconfiguration of machines, and clever students with the skills to gain unauthorized access to unsecured IT assets. At the same time, IT personnel must cope efficiently with all of these issues under tight budgetary constraints while complying with regulatory mandates like the Family Educational Rights and Privacy Act (FERPA).





Government Information Security in the Age of Sequester

Applauding the Lieberman-Collins CyberSecurity Bill

The proposed Lieberman-Collins bill S 3480 “Protecting Cyberspace as a National Asset Act of 2010” has been criticized in the mainstream media as insufficient for securing US infrastructure from cyber attacks. The critics don’t seem to realize that the legislation is not intended to be an all-encompassing bill. Securing cyberspace will require more than a single piece of legislation. This bill represents no small step, and in light of the present threat environment it’s a great beginning.


Tips to Improve IT Security Posture

Your Top IT Vulnerability?

Hackers, as part of their initial intrusion, will extract all of the passwords stored and used on the compromised machine, decrypt them at their leisure (see Rainbow Attack), and then come back into a company’s systems via the initially compromised machine and use these credentials to access virtually every system in the company. From there, the attacker can plant more collection software in a matter of minutes. This is known as the common administrator password flaw, and this is how the famous Conficker virus spread.


Securing Data in the Cloud

Safeguarding a cloud infrastructure from unmonitored access, malware and intruder attacks grows more challenging for service providers as their operations evolve. And as a cloud infrastructure grows, so too does the presence of unsecured privileged identities.


Regulatory Compliance Is Not Security

Security awareness operates on a principle where companies are only willing to fix their problems when they are being fined, or when their lack of security lands them in the newspaper. But, just as memories fade in time, the commitment to security fades quickly when breaches blow over and everyone moves on. Hopefully, more companies will begin to realize that regulatory compliance and IT security are not necessarily the same thing.