The role of the Chief Information Security Officer (CISO) is becoming the norm in eDiscovery companies as these companies grow their client base and venture into compliance and data breach prevention services. In fact, one industry expert sees the CISO role also being weaponized to support the sales function during client discussions about security.
A new group of Intel vulnerabilities, collectively called Microarchitecture Data Sampling (MDS), were disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. The vulnerabilities affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.
The BSA Framework for Secure Software tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.
The work that Thomas Peyrin and his colleague, Gaetan Leurent, have done goes far beyond just proving SHA-1 chosen-prefix collision attacks are theoretically possible. They show that such attacks are now cheap and in the budget of cybercrime and nation-state attackers.
When an acquirer does not protect itself against a data lemon and seek sufficient information about the target’s data privacy and security compliance, the acquirer may be left with a data lemon.
Much of the discussion about cloud services remains focused on the needs of less-mature organizations and on technical rather than business considerations. Debate concentrates on whether to move to the cloud, which workloads are best to “lift and shift” from a cost, security and compliance perspective or how to avoid supplier lock-in, currently one of the biggest concerns when moving to the cloud.
Utah Gov. Herbert signed off this week on a bill that positions Utah as the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information. The bill, HB57, establishes that a warrant must be secured before law enforcement may access electronic data held by a third party, thus protecting information passed to a third party such as Dropbox or Google Drive.
Just as there are many tasks in electronic discovery, many times there are multiple technologies and platforms involved in the complete electronic discovery process. When there are multiple technologies and platforms involved, data must be transferred from disparate technologies and platforms to other disparate technologies and platforms. This data transfer can be considered a risk factor that impacts the overall electronic discovery process.
The Cloud Security Alliance (CSA) today announced the release of the CSA IoT Controls Framework, its first such framework for IoT which introduces the base-level security controls required to mitigate many of the risks associated with an IoT system operating in a range of threat environments.
The NIST cybersecurity practice guide, Mobile Device Security: Cloud and Hybrid Builds, demonstrates how commercially available technologies can meet your organization’s needs to secure sensitive enterprise data accessed by and/or stored on employees’ mobile devices. The document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources.