Blog

Can You Stop Former Employees Taking Your Data?
Ron Arden August 3, 2017
Cybersecurity Data breach Insider threat

Can You Stop Former Employees Taking Your Data?It’s a good question and one that many organizations don’t think about thoroughly.  You take a lot of time onboarding an employee by doing background checks, checking references, and determining what information systems and data access the person needs to do her or his job.  You may have a comprehensive provisioning system that grants access to all applications and data.

But how about when someone leaves?  It’s great that you de-provision access the INSTANT someone becomes a former employee, but how do you protect the confidential data she or he may have been taking out each night for the last few weeks?  Organizations spend a lot of money guarding against cyberattacks from hackers and other external people, but many don’t do enough to protect their data from threats of former employees.

Fasoo Sponsored Ponemon Institute Survey On NYDFS 23 NYCRR 500
Ron Arden March 21, 2017
Cybersecurity News

Click here to see the Countdown to Compliance, Fasoo Sponsored Ponemon Institute Survey of NYDFS 23 NYCRR 500Fasoo sponsored a Ponemon Institute survey to determine the readiness of financial firms doing business in New York State to comply with the new cybersecurity regulation NYDFS 23 NYCRR 500 that went into effect on March 1, 2017.  The regulation includes deadlines to implement procedures and solutions to achieve compliance with the new standards.  Since New York is one of the world’s financial capitals, the state wants to ensure that organizations that operate under the banking, insurance or financial services regulations provide a secure information sharing environment to protect companies and their customers.

“The survey is aptly titled “Countdown to Compliance,” said Dr. Larry Ponemon.  “Our goal is to provide insight into the challenges these organizations face in complying with the demanding new requirements which apply to all ‘nonpublic information’ – at rest, in-transit and shared with third parties.  The survey will provide insight into their efforts to comply over the next 180 to 365 days.”

Fasoo and Ponemon Study Reveals Employees Highest Security Risk to Organizations
Ron Arden June 13, 2016
Cybersecurity Data breach Data security Insider threat

Fasoo and Ponemon Study Reveals Employees Highest Security Risk to OrganizationsFasoo just released the results of the security industry’s first look at how confident organizations are about protecting intellectual property and other high value information.  In the latest Ponemon Institute survey titled, “Risky Business: How Company Insiders Put High Value Information at Risk”, 72 percent of organizations are not confident they can manage and control employee access to confidential documents and files.  This study reveals that insiders are the highest security risk to an organization.

The Ponemon Institute surveyed 637 U.S. IT security practitioners familiar with their organization’s approach to protecting data, documents and files against cyberattacks. For the purpose of this research, high value information includes trade secrets, new product designs, merger and acquisition activity, intellectual property, financial data, and confidential business information.

Based on the findings of the research, employees and other insiders often lack the information, conscientiousness and guidance needed to make intelligent decisions about the information they access and share.  Companies are more confident they can stop external attackers from accessing confidential information than their own employees and contractors.  This study should make executives and security professionals think about how they control internal access to sensitive information.

Don’t Get Caught With Your Pants Down – Static Application Security Testing Must be part of Security Risk Management
Ron Arden March 18, 2016
Application Security Testing

Pants DownTechnology has changed the way we live our lives. Whether we are at work, home or outside, we have become dependent on our computers, mobile phones and the internet. On a daily basis, we all interact with a significant number of applications.

Demand for technology has led to an explosion of software we use daily, whether these are applications used in the office or at home. Demand for new or updated functionality has shortened software release cycles and application developers need to rapidly introduce new features to outpace competition and meet customer demand. With this reality, application security risk management can no longer be treated as a nice-to-have element.  It must be a mission-critical requirement at every company that develops software.

Gone are the days with long release cycles and infrequent updates.  Application developers are faced with increased pressure to release software, updates and new features and this presents a significant issue with security. While software companies primarily focus on user experience and business value, often they miss the importance of ensuring the applications are truly secure without vulnerabilities.