Archive for 'Techno'

Hey, Is This Application Secure?

Lately a lot of clients have been asking me to provide what I refer to as “security on demand.” The client basically asks: “My users want me to give them this (commercial off the shelf software) application — is it secure?”

That’s a very simple question, but often the answer is a lot more complex. At a minimum, it might take me considerable time to research the issue. I need to check the Microsoft Security Research & Defense blog, ...


How OWASP Can Prevent Your Business From Getting Stung By Hackers

In a recent blog post, one of my colleagues at Pivot Point Security wrote about a client firm that was hacked due to a vulnerability in one of its web applications. While they regularly ran network vulnerability tests against their web server, they had overlooked their applications, which were not coded with security in mind and had never been properly tested for vulnerabilities.

You don’t want to find out the hard way about security vulnerabilities in your web applications — ...


Omnibus Breach Assessment Rules: 4 Steps To Compliance

The new HIPAA Omnibus Rule went into effect on March 26, 2013 — and compliance will be enforced beginning on September 23, 2013. Are you familiar yet with the new rules and how they might impact your company and/or its business partners?

In a recent post I blogged about changes now coming into effect, which will ...


Omnibus: HIPAA Now Applies to Many More Companies — Is Yours One of Them?

The new HIPAA/HITECH “Omnibus Rule” went into effect on March 26, 2013, and organizations have 180 days to come into compliance — which is not a lot of time. This new regulation modifies HIPAA in line with changes mandated by the HITECH Act of 2009.

One of the key changes in the new rule, which will have a broad impact across the healthcare industry and far beyond, is a significantly broader definition of what constitutes ...


Don’t Wait For “Next Time” – Prepare Now For Your Next Breach

Pivot Point Security recently conducted an investigation on behalf of a large retail client whose website was compromised. As soon as we got the call about the breach we started reviewing all available logs with the client’s in-house security team, while their database people reviewed the transaction log on the back-end. We quickly uncovered some very basic flaws in a critical web application, which the hackers had exploited. Logs pointed to a ...
