The Official STEALTHbits Blog
STEALTHbits’ blog focuses on critical issues surrounding Data Access Governance, Data Security, Unstructured Data, and more.
Increased Focus on #Insider #Threat from the Verizon #DBIR in 2014 – Who Do You Trust?
Every year Verizon produces the Data Breach Investigations Report (DBIR). It’s bad form on a blog to say “stop reading my content and go read this other content,” but I’ll start by saying that if you’ve never used this report as an asset in your security planning you should absolutely…
The war called ITAR – Time to Turn the Tide
Written by Mamata Krishnamurthy
The International Traffic in Arms Regulation, popularly known as ITAR, is a set of regulations governing the export and import of defense goods and services. As simple as the definition may sound, ITAR is among the hardest of government regulations to understand and even harder to comply with. Because national…
Don’t Call It a Comeback
Written by Adam Laub
When I first started at STEALTHbits, times were different. Technology was different. There were different problems to solve then. And with the advent and evolution of an endless stream of new technologies over the past decade from mobile devices to social media, Voice-over-IP (VoIP) to “big data”, the problems to…
Why #BigData may make your #heartbleed even more
Hope you had as much fun changing passwords over the last few days as I have. If you have not gotten to it yet, the best set of tools I found to deduce if a site is ready for a password switch post Heartbleed was in this Forbes article. Just…
Heartbleed. This is real. And it’s happening now.
Written by Kyle Kennedy
The “heartbleed” bug recently discovered is the type of bug that security experts often discuss within the context of doomsday scenarios but truly never want to experience. The bug isn't platform specific; e.g. Patch Tuesday - Windows "fixes"; this bug targets the very fabric of secure communications across the Internet…
RSA Conference 2014 Recap: Mission Accomplished
Written by Adam Laub
At this year’s RSA Conference 2014 in San Francisco, Gary S. Miliefsky of Cyber Defense Magazine (CDM) visited the STEALTHbits booth where we got to talking about who STEALTHbits is, what we do, and what we were talking with conference attendees about at the show. Here’s what Gary had to…
The OWASP Top 10: Then and Now
Written by Jonathan Lampe
The OWASP Top 10 list publicizes the most critical web application security flaws as determined by Open Web Application Security Project (OWASP), a nonprofit, vendor-independent IT security organization formed in 2001. In this article, we review the 2013 edition of this popular security resource. The OWASP Top 10 Is Revised…
Shedding Some Light on NERC Compliance
Written by Luciana Contuzzi
The North American Electric Reliability Corporation (NERC) develops and enforces CIP (Critical Infrastructure Protection) Reliability Standards corresponding to the Bulk Power System (BPS). Users, owners, and operators of the BPS under NERC jurisdiction serve more than 334 million people in the US, Canada, and northern Baja California, Mexico with their…
Is Least Privilege #Security Dead? A #GartnerIAM London Afterthought
Sitting staring at the mountain of catch up here on my desk isn't making me think the Gartner IAM Summit in London was a bad idea. It does make me want to distract myself. So my thoughts turn to Ant Allan’s part in the opening keynote. Opening keynotes by their…
Why Comply With PCI?
Written by Luciana Contuzzi
There were 26.2 billion credit card transactions, 47.0 billion debit card transactions, and 9.2 billion prepaid card transactions that occurred in the U.S. in 2012. 1 That totals 82.4 billion transactions required to fall under PCI DSS Compliance and this number is only predicted to rise each year. Any business…