How to Respond to a Cyber Security Incident

Every day another company is caught off guard by a data breach. While avoiding an attack is ideal, it’s not always possible. There’s no such thing as perfect security. Even if you’ve outsourced your IT or your data lives in the cloud, ultimately the responsibility for keeping your customer data safe falls on your shoulders. […]

Is Browsing Facebook While in the Hospital a HIPAA Violation?

A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential to disrupt the way the ad targeting industry deals with the healthcare sector. To really understand what’s going on, you’ll need some background on HIPAA. […]

Layered Security – IOSS 14

Layered security refers to the practice of combining various security defenses to protect the entire system against threats. The idea is that if one layer fails, there are other functioning security components that are still in place to thwart threats. In this episode of the Inside Out Security Show, we discuss the various security layers. […]

Top 10 Active Directory Tutorials on the Web

We’ve all heard of the many benefits of Active Directory (AD) for IT admins: it makes your job simpler because there’s a central vault of user information, and it’s scalable, supporting millions of objects in a single domain. However, it can be a pain in the ACLs to implement and maintain—a cluttered, misconfigured AD can […]

Top #InfoSec People to Follow on Twitter

When it comes to #infosec people, we often think of brand names like @briankrebs, @schneierblog, @troyhunt, and @anton_chuvakin. But let’s not ignore other remarkable #infosec pros who are working tirelessly to improve our security and privacy. Follow these top #infosec people on Twitter, so you can hear what they have to say! Christina Ayiotis @christinayiotis Christina Ayiotis […]

The Difference Between Active Directory and LDAP

Active Directory (AD) is a directory service made by Microsoft. It provides all sorts of functionality like authentication, group and user management, policy administration and more. LDAP is a way of speaking to Active Directory. LDAP, which stands for Lightweight Directory Access Protocol, is a means for querying items in any directory service that supports […]

GDPR – IOSS 13

We’ve been writing about the GDPR for the past few months now and with the GDPR recently passed into law, we thought it was worth bringing together a panel to discuss its implications. In this episode of the Inside Out Security Show, we discuss how the GDPR will impact businesses, Brexit, first steps you should […]

The Password is Dying – IOSS 12

In our last Inside Out Security show – Everything You Need to Know About Passwords – we covered hashes, salting your hash, and creating passwords. However, there are shortcomings to password-based authentication – brute force attacks, passwords stored as plain text, weak passwords, and more! Luckily, as of late, banks and technology companies are exploring really exciting alternatives […]

EU GDPR Controversies [INFOGRAPHIC]

The General Data Protection Regulation (GDPR) took years to become law as the relevant parties engaged in endless rounds of negotiations. It’s not surprising that there are some controversial elements. Time for another GDPR infographic! We’ve boiled down the controversies into three areas: territorial scope, right to be forgotten, and steep fines. Large US and other […]

EU GDPR: Data Rights and Security Obligations [INFOGRAPHIC]

The EU General Data Protection Regulation (GDPR) isn’t light reading. However, it doesn’t mean that this law’s essential ideas can’t be compressed and rendered into a highly informative infographic. We’ve been spending the last few months untangling the legalese and looking for ways to simplify the GDPR’s key requirements. One way to view the new […]

FYI: EU Network and Information Security Directive

While we’ve been focusing on the EU General Data Protection Regulation (GDPR), there’s another EU security initiative that deserves an honorable mention. First proposed in 2013, the Network and Information Security Directive (NISD) addresses cybersecurity for “essential services”. The NIS Directive is not nearly as detailed as the GDPR. Its goal is to improve co-operation […]
