Entries by Paul Hill

IT Security Industry Predictions for 2016

While it is impossible to predict the future (since I don’t really have a crystal ball), I can offer the following predictions for security trends to watch for in 2016: We will continue to witness large scale data breaches that could have been prevented if only well-established security practices had actually been applied. Companies […]

BYOD Security and the Mobile Market

BYOD security is a frequent topic among IT security experts. This, my third BYOD post this year, focuses on the mobile market. (Post one, Always-on Access Brings Always-Threatening Security Risks, June 25, 2015; Post two, Device Settings that Help Prevent Unauthorized Information Disclosure, July 13, 2015.) The mobile market continues to be very dynamic. Just […]

Security Risks Created by Emerging Technologies

In a recent Q&A session, Joe Clapp and I were asked to address the security risks that continuing technological change in the cloud data center poses. Following are our responses on the most common risks associated with cloud data center change and our recommendations on how to safeguard data given these considerations. Data and data handling […]

Securing Data Backups – On-site and in the Cloud

The security of backups is multifaceted. Factors to be considered include encryption at rest, encryption during transmission if applicable, security of shipping if applicable, physical security, environmental controls to prevent damage, and record keeping both to prevent loss and to ensure that data is destroyed once the retention period has expired. In situations where confidentiality is of importance, […]

How to Avoid Bug Management Mistakes

I was recently asked to comment on some of the most common bug management mistakes enterprises make and how to avoid these issues. I have found that one of the most common mistakes is the failure to track vulnerabilities that have been deemed an acceptable risk and left unpatched. There are many reasons why an […]

Device Settings that Help Prevent Unauthorized Information Disclosure

Following up on my recent post (“Always-on Access Brings Always-Threatening Security Risks”) I’d like to continue the conversation and discuss other device settings that help prevent unauthorized information disclosure. Many organizations overlook the risks posed by Bluetooth. The security of Bluetooth has been slowly increasing over the years. When it first appeared many devices […]

Always-on Access Brings Always-Threatening Security Risks

Always-on access to work for employees comes with always-threatening security risks. One of the controls that appears in ISO 27002, titled Information technology – Security techniques – Code of practice for information security management, suggests that limiting the period during which connections to computer services are allowed reduces the window of opportunity for unauthorized access. […]
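The connection-time-limitation control mentioned in the excerpt above is easy to state and easy to get wrong in practice (windows that cross midnight, the wrong time zone, allow-by-default). The following is an added, self-contained example of a deny-by-default time-window check written for this page; it is not code from the original post. The policy structure, the sample office-hours policy and the constructed connection events are all assumptions.

```python
"""Added example: deny-by-default connection time windows.

Demonstrates the ISO 27002 control of restricting the period during which
connections to a service are allowed. Editor's example, not the post's code.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone, tzinfo


@dataclass(frozen=True)
class Window:
    """One allowed window. `end` is exclusive; end <= start means the window
    crosses midnight (e.g. Fri 22:00 -> Sat 03:00 is days={4}, 22:00, 03:00)."""
    days: frozenset          # weekdays the window STARTS on, 0=Mon .. 6=Sun
    start: time
    end: time

    def contains(self, local: datetime) -> bool:
        t = local.time()
        if self.start < self.end:                      # same-day window
            return local.weekday() in self.days and self.start <= t < self.end
        # Window crosses midnight: either we are after `start` today, or before
        # `end` and the window started on the previous day.
        if t >= self.start:
            return local.weekday() in self.days
        if t < self.end:
            return (local.weekday() - 1) % 7 in self.days
        return False


@dataclass(frozen=True)
class Policy:
    zone: tzinfo               # zone the windows are expressed in
    windows: tuple             # tuple of Window; empty tuple == never allowed


def connection_allowed(policy: Policy, now: datetime) -> bool:
    """Deny unless `now` falls inside at least one window.

    Naive datetimes are rejected rather than guessed at: a wrong implicit zone
    is exactly how a "business hours only" rule ends up allowing 3 a.m. logins.
    """
    if now.tzinfo is None or now.utcoffset() is None:
        raise ValueError("timestamp must be timezone-aware")
    local = now.astimezone(policy.zone)
    return any(w.contains(local) for w in policy.windows)


# Assumed policy: weekday office hours plus an overnight Friday batch window,
# expressed in US Eastern Daylight Time. A fixed offset is used here so the
# example runs anywhere; a real deployment would use zoneinfo.ZoneInfo so DST
# transitions move the window correctly.
EDT = timezone(timedelta(hours=-4), "EDT")
OFFICE_HOURS = Policy(
    zone=EDT,
    windows=(
        Window(frozenset(range(5)), time(7, 0), time(19, 0)),   # Mon-Fri 07-19
        Window(frozenset({4}), time(22, 0), time(3, 0)),        # Fri 22 -> Sat 03
    ),
)

# Constructed sample of connection attempts (user, UTC timestamp), not real data.
SAMPLE_EVENTS = [
    ("alice", "2015-07-01T16:00:00+00:00"),   # Wed 12:00 EDT  -> allowed
    ("bob",   "2015-07-01T02:00:00+00:00"),   # Tue 22:00 EDT  -> denied
    ("carol", "2015-07-04T05:00:00+00:00"),   # Sat 01:00 EDT  -> allowed (Fri batch)
    ("dave",  "2015-07-04T08:00:00+00:00"),   # Sat 04:00 EDT  -> denied
    ("erin",  "2015-07-05T16:00:00+00:00"),   # Sun 12:00 EDT  -> denied
]


def audit(policy: Policy, events) -> list:
    """Return the (user, timestamp) pairs that fall outside the policy."""
    denied = []
    for user, stamp in events:
        if not connection_allowed(policy, datetime.fromisoformat(stamp)):
            denied.append((user, stamp))
    return denied


if __name__ == "__main__":
    for user, stamp in audit(OFFICE_HOURS, SAMPLE_EVENTS):
        print(f"DENY {user} at {stamp}")
```

The check is deliberately deny-by-default: an empty policy allows nothing, and a naive timestamp raises rather than being silently interpreted in the server's local zone. When using this pattern on a real service, enforce it at the authentication layer (or with the operating system's own time-based login restrictions) rather than only in application code, and log every denial so out-of-hours attempts show up in review.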

Security Questions to Ask a Cloud Service Provider

Ericka Chickowski of Dark Reading recently asked security experts to contribute key questions to ask a cloud security provider. While I’m pleased that two of my questions were included in the article, I have three additional questions you should ask to help you assess the risks of cloud services. 1) What security compliance programs […]

Key Steps Enterprise IT Can Take to Safeguard its Operations

IT systems pervade enterprises. Systems are increasingly complex; enterprises constantly seek more rapid deployments. And enterprises are increasing the volume and diversity of the data collected and analyzed. All of these factors mean that an enterprise cannot rely on a small set of steps to safeguard its operations. Well-established security frameworks such as PCI, HIPAA, […]