Information Security Blog

Assessing the Security of Legal Practice Management Software in the Cloud

Recently I had an interesting conversation with a client about the pros and cons of moving from an in-house enterprise Practice Management System (PMS) to a cloud-based (SaaS) solution. Needless to say, our conversation centered on the information security implications of the potential move. I was intrigued when he indicated that the PMS vendor was both SOC 2 and ISO 27001 certified. While we were chatting I pulled up ...


Hey, Is This Application Secure?

Lately a lot of clients have been asking me to provide what I refer to as “security on demand.” The client basically asks: “My users want me to give them this (commercial off the shelf software) application — is it secure?”

That’s a very simple question, but often the answer is a lot more complex. At a minimum, it might take me considerable time to research the issue. I need to check the Microsoft Security Research & Defense blog, ...


Disaster & Recovery

As a result of the devastation from Hurricane Sandy, the possibility of another similar—or worse—weather incident and our ever-increasing reliance on the cloud, we have to ask ourselves two questions:

  • How can we ensure that NJ businesses survive future events like Sandy?
  • How can we ensure the resilience of information technologies that support New Jersey businesses?

In this 2-Part Special Report, we will uncover the answers to those questions, and shed light on the things that need to be done today.

Read the article ...


Why Outsourced or Co-Sourced Vulnerability and Configuration Management is Becoming More Popular

We conduct hundreds of vulnerability assessments and penetration tests per year at Pivot Point Security. While the overall security posture of most organizations is notably better today than it was ten years ago, I think that vulnerability and configuration management practices specifically are not much better today than they were then.

The improvement in security posture as a whole is largely attributable to Microsoft getting more serious about security in the middle of ...


How OWASP Can Prevent Your Business From Getting Stung By Hackers

In a recent blog post, one of my colleagues at Pivot Point Security wrote about a client firm that was hacked due to a vulnerability in one of its web applications. While they regularly ran network vulnerability tests against their web server, they had overlooked their applications, which were not coded with security in mind and had never been properly tested for vulnerabilities.

You don’t want to find out the hard way about security vulnerabilities in your web applications — ...
