-
Chandler Howell recounts a story of his daughter’s birth, and in particular the RFID bracelet attached to her ankle. The bracelet’s primary function is to sound an alarm when a tag travels outside a particular area, presumably to stop abductions. But Howell notes they’re also used as a means of identity authentication, since the tag [...]
- Posted in CSO / Risk Management
-
With so many reports of large-scale data breaches in the news, it’s understandable that people are interested in finding out if their own data is among that which has been taken. To satisfy this need, a company specializing in preventing identity theft has launched a search engine that claims it will tell you if your [...]
- Posted in Data Protection
-
With recent reports saying that the data breach from TJ Maxx’s corporate parent may represent the largest ever compromise of customer data, the timing is right to start seeing stories about how companies should start finding real solutions to privacy compliance. It’s now a growing market to offer complete solutions, rather than relying on each [...]
- Posted in Risk Compliance
-
Anton Chuvakin makes it clear why security isn’t a silo and can’t be considered separate from other aspects of IT or business. He points to a quote from a paper suggesting that networking and security should be separate, with a networking group configuring network devices and a security group configuring security devices — and then [...]
- Posted in Uncategorized
-
The RiskAnalys.is blog points to a chart explaining Intel’s approach to risk mitigation that shows that for all the trouble people have explaining risk management, it’s not clear it helps much to chart it out either. Still, the important point comes at the end of the post, where it states:
“Risk management is just as much [...]
- Posted in CSO / Risk Management
-
Andy, ITGuy, is writing about how security professionals need to be better at educating users about security. That means not rolling eyes when people do something dumb, but making it easy for people to understand why it’s dumb in the first place. Andy admits this is hardly a new idea — but doesn’t get into [...]
- Posted in CSO / Risk Management
-
There’s a story getting passed around these days about a guy who made a purchase at a gaming store that had two branches. When the clerk asked for various information from the guy and keyed his credit card info into the computer, the customer assumed he was typing it into a point-of-sale system. However, the [...]
- Posted in CSO / Risk Management
-
Chandler Howell has a great post over at the “Not Bad For a Cubicle” blog, discussing the three different ways information is lost: accidental loss, selfish loss (which might also be called carelessness) and malicious loss. While these may seem obvious after reading through them, it’s a nice and simple way of looking at information [...]
- Posted in CSO / Risk Management
-
The NY Times is running a great article about security professionals and lawyers who are worried about employees forwarding their work emails to web-based email accounts offered by companies like Yahoo! and Google. It highlights a few important things that those working in security risk management should keep in mind. The rise of new web-based [...]
- Posted in Risk Compliance
-
Encryption is an important tool in any IT security strategy. It may not be perfect for everything, but it’s useful in many, many cases. However, there’s a company in Canada that claims encryption isn’t good because attackers can still see that there’s data there, even if they can’t read it. They seem to downplay the [...]
- Posted in Uncategorized