There was a time when the only security issue retailers needed to be concerned
with was theft. Put a guard in the store and a couple of video cameras and
prevent as much loss as possible. Those days are long gone.
The overall security of a retail organization has grown increasingly complex.
The smash and grab has been supplanted by the hack and breach. A
retailer’s IT environment is at as much risk as the product on the retail
shelf. Every year hundreds of retailers fall victim to electronic intrusion.
Ask Raley’s, Zaxby’s, Mapco, Michaels and dozens of retailers about
how their POS and other exposed systems were not only breached, but cost them
untold millions of dollars in stolen customer credit cards, abused sensitive
data, and reparations and fines.
But if you ask, most of the named companies and the hundreds and hundreds of
others attest that they apply a vari...
Last month the Federal Financial Institutions Examination Council (FFIEC)
shared an opinion on the viability and security of cloud computing. In the
four-page statement, the interagency body empowered to prescribe uniform
principles and standards stated that cloud computing is “another form of
outsourcing with the same basic risk characteristics and risk management
requirements as traditional forms of outsourcing.”
What they are offering is a back-handed endorsement of cloud computing with
the caveat that if you perform your due diligence and the solution passes the
security smell...
One of the key drivers of IT security investment is compliance. Several
industries are bound by various mandates that require certain transparencies
and security features. They are designed to mitigate aspects of risk
including maintaining the sacrosanctity of customer information, financial
data and other proprietary information.
One such affected vertical is retail. No matter if you’re Wal-Mart or
Nana’s Knitted Kittens, if you store customer information; if you process
payments using customers’ credit cards, you are required by law to comply
with a variety of security standar...
For all the right reasons, your company has been thinking about deploying
SIEM…to create an alert system when those with less than good intentions
come knocking; to remediate potential network threats; to comply with
federal, state or industry regulations; and to identify the risks and
vulnerabilities throughout the enterprise IT infrastructure and architecture.
If you maintain even a modest (SMB -> Fortune 1000) organization that has any
online identity, SIEM should be the cornerstone of your asset protection
First and foremost, SIEM (and to a certain extent log manageme...
“The ‘how’ may change, but the ‘what’ is fundamental to risk
I heard these sage words at a recent ISSA (Information Systems Security
Association) meeting from a CIO speaking about security from the cloud.
He continued, “Risk is not unique to the cloud. It experiences the same
issues that affect any outsourcing or third party deliverable. It is bounded
by the same concerns regarding governance—does it meet the requirements of
my industry? Is my data free from co-mingling? Are the proper notification
protocols in place?”
Do a Google search on “cloud security” and the ...