Archive for September, 2008
Determined Thief Steals Cable-Locked Laptop from Canadian Bank
Evan at BreachBlog posted an interesting item about a laptop theft from the National Bank of Canada.
As Evan notes, this is not the kind of theft that we see reported often. The thief entered the company’s offices during regular business hours, entered the office containing the laptop, cut the security cable, and stole the [...]
Google Chrome in the Enterprise
Google released a beta version of their Google Chrome browser a few weeks ago, and many enterprises haven’t yet decided how Chrome impacts them. I suggest that it’s important to be proactive and disallow installation of Chrome on enterprise-managed machines.
Google has a truly admirable record for releasing products that have no known vulnerabilities, even [...]
Hacking of LPL Financial’s BranchNet System a Result of “Reckless Disregard”
Earlier this month, LPL Financial agreed to pay a $275,000 penalty to the Securities and Exchange Commission for failing to fix security vulnerabilities that were discovered in a 2006 internal audit of the company’s security controls. The audit identified that the security controls in LPL’s BranchNet trading system were inadequate, and recommended remediation.
After receiving [...]
High-Profile Domain Expirations Highlight Need for Better Domain Name Management
How are you managing your company’s Internet domain names? Based on my informal survey of the domain names of the Fortune 100 largest public companies in the US, it seems apparent that domain name management is an area that needs some attention.
Though domain names are (obviously) crucial to a company’s Internet presence, many companies [...]
Reduce Risks by Becoming a Service-Oriented Organization
Information security organizations in large enterprises are all-too-often focused around compliance. Communications between security and other organizations are often focused around an audit, or require some action to be taken. At times, organizations need to set aside current activities to focus on reducing risk, which can result in a missed deadline, exceeded budget, or [...]