Case Study: Improving ID and Access Management

Data Breach Today

Veda Sankepally, an IT security manager at managed care company Molina Healthcare, describes critical steps in this case study interview What are some of moves that organizations can make to improve their identity and access management?

Access 132

Case Study: Moving to DevSecOps

Data Breach Today

Since Sentara Healthcare adopted a DevSecOps approach, CISO Daniel Bowden says, his security team has gained improved visibility into the entire application development process

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Case Study: How IU Health Manages Vendor Security Risk

Data Breach Today

What are some of the most important aspects in managing vendor security risk when taking on third-parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk

Risk 125

The Data Breach Case Study & Protection Guide

Record Nations

Even the tiniest security gap can lead to a data breach. The post The Data Breach Case Study & Protection Guide appeared first on Record Nations. After a $5.5 million settlement, Nationwide Insurance’s breach serves as just one example of the growing number of data breaches each year—making it all the more important you have protections in place. What Happened Even the tiniest serious gap can pose serious risks. Recently […].

eRecords 2018: “A Case Study in Data Mapping – Are You Ready for a New Norm?”

The Texas Record

IT Security – Cybersecurity; Access Controls; Breach Detection. Before taking on this project, apply the lessons learned from KPMG case study so you do not encounter the same issues that slowed them down.

Case study: The Hub by SAS


In a case study they explain that SAS had a number of requirements, including: "All communications would have to be maintained behind the firewall (for security reasons) while seamlessly integrating with other internal business systems such as SharePoint.".

Analysis: A Better Approach to Cyber Defense

Data Breach Today

The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections

How Information Sharing Helped Curtail WannaCry Harm

Data Breach Today

The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements

MITRE evaluates Enterprise security products using the ATT&CK Framework

Security Affairs

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors. The post MITRE evaluates Enterprise security products using the ATT&CK Framework appeared first on Security Affairs.

A massive accounting hack kept clients offline and in the dark

Information Management Resources

Last week, a cyberattack took down software provider Wolters Klumer NV and presented a case study in how not to communicate with customers over a hack. Data security Cyber security Cyber attacks Malware

How Secure Are Bitcoin Wallets, Really?

Security Affairs

Purchasers of Bitcoin wallets usually have one priority topping their lists: security. What’s the truth about the security of these wallets? However, purchasers of Bitcoin wallets — the software programs that facilitate storing someone’s cryptocurrency-related wealth — usually have one priority topping their lists: security. But, beyond the marketing language, what’s the truth about the security of these wallets? appeared first on Security Affairs.

How to start your career in cyber security

IT Governance

There has never been a better time to get into cyber security, with growing demand for experts promising increased salaries and job opportunities. In this blog, we provide tips for getting your cyber security career started no matter your background.

How to start your career in cyber security

IT Governance

There has never been a better time to get into cyber security. If you’re thinking about starting a career in cyber security, here are five things you should do. As with most industries, you’re much more likely to get ahead in cyber security if you have experience. Study.

Duo Security created open tools and techniques to identify large Twitter botnet

Security Affairs

Researchers at security firm Duo Security have created a set of open source tools and disclosed techniques that could be used to identify large Twitter botnet. ” reads the research paper published by Duo Security.

7 Questions to Determine if Your Data is an Asset


This can be expensive as resources on storing, protecting, and securing information are costly. FREE Webinar: Learn more from this Case Study on Leveraging Data to Transform Customer Experience].

Why the cyber security skills gap is so damaging

IT Governance

The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. In many cases, employees’ time and resources are spread so thinly that the quality of the work suffers. However, some cyber security experts believe the skills shortage is a “myth”.

Risk 59

What did you do for European Cyber Security Month?

IT Governance

Throughout October, cyber security experts have been helping Europeans understand the importance of effective information security practices as part of Cyber Security Month. What should you remember about Cyber Security Month? Security Summit North. Cyber Security


IG Guru

We are looking for presentations on solutions to the IG challenges created by new and emerging technologies, the latest legal and regulatory developments that affect IG programs and professionals, practical advice and guidance on traditional IG challenges, and relevant case studies […].


NSA releases the source code of the GHIDRA reverse engineering framework

Security Affairs

In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. Early March, the NSA has released the suite Ghidra that could be used to find vulnerabilities and security holes in applications.

Malicious PDF Analysis

Security Affairs

” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. Most security tools must always be adapted to this new reality of attack and infection.

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

According to the cyber security community, NotPetya is a cyber weapon develped by Russia to hit the Ukrainian government. ” This decision is a case study, both companies are facing an unprecedented court case.

Attacking encrypted USB keys the hard(ware) way


If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data. In this talk, we will present our methodology to assess "secure" USB devices both from the software and the hardware perspectives. We will demonstrate how this methodology works in practice via a set of case-studies.

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

According to a new report published by the security firm Digital Shadows cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. Breaking News Cyber Crime Deep Web Reports extortion Hacking malware Pierluigi Paganini Security Affairs

Sales 114

Analyzing AZORult malware using NSA Ghidra suite

Security Affairs

Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. The post Analyzing AZORult malware using NSA Ghidra suite appeared first on Security Affairs.

Hunting down Gooligan — retrospective analysis


Beside its scale what makes Gooligan a worthwhile case-study is its heavy reliance on stolen oauth tokens to attack Google Play’s API, an approach previously unheard of in malware. Last but not least we will recount how we went about re-securing the affected users and takedown the infrastructure This talk provides a retrospective on how during 2017 Check Point and Google jointly hunted down Gooligan – one of the largest Android botnets at the time.

IT 49

How to become an ISO 27001 lead implementer

IT Governance

It’s an advanced cyber security position that comes with a lot of responsibility. You’ll be given a combination of theoretical study and hands-on work, including group discussions, practical exercises and case studies.

Risk 70

e-Records 2019 Call for Presentations

The Texas Record

The theme this year is Better Together in a Digital World: Security and Retention. TSLAC and DIR are looking for learner-focused presentations that build core skills and share practical knowledge and experience related to digital collaboration, communication, security, and retention.

Acoustical Attacks against Hard Drives

Schneier on Security

Despite the widespread use of HDDs and their critical role in real-world systems, there exist only a few research studies on the security of HDDs. In particular, prior research studies have discussed how HDDs can potentially leak critical private information through acoustic or electromagnetic emanations. We show the feasibility of the proposed attack in two real-world case studies, namely, personal computers and CCTVs.

NHS is still assessing the cost of WannaCry one year later

Security Affairs

The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs. The UK’s Department of Health and Social Care provided an update on the spent to secure the IT infrastructure in a report titled “ Securing cyber resilience in. a variety of security risks and threats across the organization. Security Affairs – WannaCry, hacking ).

SamSam Ransomware operators earned more than US$5.9 Million since late 2015

Security Affairs

The security experts from Sophos have published a report on the multimillion-dollar black market business for crooks, they analyzed the SamSam ransomware case as a case study. million, the security firm also estimated that the group is netting around $300,000 per month.

Destroying Barriers to Destruction


So it didn’t come as much of a surprise that the 2015 and 2017 Cohasset/ARMA IG Benchmark reports saw virtually no decline in the number of organizations (76%) that maintain a “keep everything culture,” and don’t have a formal secure destruction plan. While there’s a case to be made that more destruction is occurring because of new business demands, I’m not confident that much will have changed in the intervening two years since the last survey.

CCPA and the future of the health data economy


The impact of the CCPA on healthcare data privacy compliance will be significant, and so it makes a good case study for understanding what is to come. Organizations engaging with personal healthcare data need to pay close attention to the rapidly evolving regulatory environment.

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

Advocates claim such access is needed to strengthen national security and hinder terrorism. They assert that the risk of encryption backdoors ultimately being used by criminals, or worse than that, by a dictator to support a totalitarian regime, far outweighs any incremental security benefits. Venafi: It has been established over a long period of time that the minute you put a backdoor in, and you think it’s secure, it almost immediately will fall into the wrong hands.

e-Records 2019: Registration Open!

The Texas Record

The conference theme this year is Better Together in a Digital World: Security and Retention. Once again, the Texas State Library and Archives Commission (TSLAC) and the Texas Department of Information Resources (DIR) have joined forces to bring you another outstanding selection of speakers sharing case studies and presentations. Registration for the 2019 e-Records Conference is now open to state agencies and local governments.

CCPA and the future of the health data economy


The impact of the CCPA on healthcare data privacy compliance will be significant, and so it makes a good case study for understanding what is to come. Organizations engaging with personal healthcare data need to pay close attention to the rapidly evolving regulatory environment.

Can Enterprises execute a GRC Movement?

Security Affairs

Managed security services or security operations, cloud security, GRC is one of the fastest growing solutions in the world. GLOBAL CYBER SECURITY MARKET. Enterprises can outsource cyber security, but not risk. If yes then what kind of use cases?

Risk 101

e-Records 2019: Early Bird discount expires soon!

The Texas Record

Better Together in a Digital World: Security and Retention. TSLAC @TexasDIR. Reminder to register now and save $30! Early bird registration is only $70. After October 25, the price increases to $100. But you better hurry! We have less than a 100 seats left.

Wednesday’s Relativity Fest Sessions: eDiscovery Trends

eDiscovery Daily

Here is one of the eDiscovery-related sessions for today (it’s a short day): 9:00 AM – 10:00 AM: LIE230322 – e-Discovery Law and Practice: Case Studies in Cooperation.

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

And this continues to include enterprises that have poured a king’s ransom into hardening their first-party security posture. According to a recent Ponemon Institute study , some 59% of companies experienced a third-party data breach in 2018, yet only 16% believe they are effectively mitigating third-party risk. Shared Management equips its members to lead their organizations – and their organizations’ partners — in mitigating third party IT security risks in several ways.

Risk 120

Summary – “Blockchain Technology and Recordkeeping”

ARMA International

The chapters respond to, and are structured according to, an initial set of questions from the AIEF’s call for proposals for a study on blockchain, records, and information management. This article summarizes a report published by AIEF on May 30, 2019.