SECURITY SCISSORS

Keep your personal information safe from prying eyes without the need for a bulky, expensive shredding machine! Ingenious 5-blade scissors instantly turn bills, bank statements, unwanted credit card applications and confidential documents into tiny, unreadable confetti-like shreds. Stainless steel blades. 5″ x 10 1/2″ high.

Price: $ 4.80

Technorati Tags: Based, Blackhawk, Provider, Riverton, Security, Wyoming

Question by hash19: You are the Information Security Officer at a medium-sized company (1,500 employees). The CIO has asked you to?
You are the Information Security Officer at a medium-sized company (1,500 employees). The CIO has asked you to explain why you recommend it is so important to secure your Windows and Unix/Linux servers from known shortcomings/vulnerabilities, explain to your CIO what you can do to make sure your network infrastructure is more secured.

Best answer:

What do you think? Answer below!

Principles of Information Systems Security: Texts and Cases

The real threat to information system security comes from people, not computers. That’s why students need to understand both the technical implementation of security controls, as well as the softer human behavioral and managerial factors that contribute to the theft and sabotage proprietary data. Addressing both the technical and human side of IS security, Dhillon’s Princliples of Information Systems Security: Texts and Cases equips managers (and those training to be managers) with an und

Rating: (out of 3 reviews)

Price: $ 48.99

Technorati Tags: 1500, asked, company, employees, Information, mediumsized, Officer, Security

US $12.29 End Date: Friday Sep-10-2010 3:45:04 PDT Buy It Now for only: US $12.29 Buy it now | Add to watch list

Technorati Tags: approved, Cameras, Information, location, News, Security, voting

Information Security & Compliance “Made Easy”

There is no mystique about Information Security and Compliance. Most of what you are told by many security specialists would not lend you to believe that Security & Compliance is something that anyone can understand (Common sense plays a big part).  We (security specialists) tend to throw out the typical buzz words to dazzle those with whom we are speaking with, such as: Mitigation, Vulnerabilities, Risks, End Point Security, Perimeter defenses, BCP, DRP, VPN, IPSec, Encryption, IDS, IPS, Firewalls, Anti virus, Worms, Routers, Switches and so on………………. In a room full of security geeks this is fine, but in a room of doctors, lawyers, business executives it just doesn’t fly. They just want to know that they are protected from all the bad people. As a security specialist you are expected to show senior executives what types of risks that can impact their environment and level of probability with a bunch of charts and pictures. Present an assessment of where they stand today. Show a staged plan for remediation of those risks that are impacting and progress reports (score cards) on a monthly basis of your remediation efforts.  Keep everyone informed (Open line of communication).  But the most important thing is to show business leaders WHY they need to have a security program in place. HOW it will affect them not only from a regulatory obligation but also from a business reputation standpoint. Word spreads fast if your business is compromised by outside or inside attacks.

Where do I start?

With a competent security leader in charge, he/she will be able to create a security program using multiple certified  frameworks (there is no magic involved). Competent is someone who understands security from both a strategic and tactical approach. This person needs to have both a business and technical aptitude as it relates to security mitigation controls (hardware, software) along with procedural and policy driven controls for data security.  Does this person need to be a college graduate from an accredited university in computer science? NO! This need’s to be someone who has been in the field of technology; Operational infrastructure, Network Controls. Someone, who at one time touched these structures and understands fundamentally the functions of both the hardware and the application side of Information Technology, along with an understanding or Compliance (regulatory requirements) such as; HIPAA, PCI, GLBA, SOX.  And, if this person happens to have a college degree on top of this, then that is considered a plus and not a first requirement. 

There are many frameworks that are industry certified to help define your level of security risks in regards to types of risks you may be susceptible too.  Frameworks such as ISO27001/2, BS17799-1/2 are key to helping you build your security program and sustain a level of confidence when it comes to data protection.  These frameworks cover areas of: Security Policies, Organizing information Security, Business Continuity Management, Communication and Operations Management, Compliance, Physical and Environmental Security, Asset Management, Human Resources Security, IS Incident Management, Information Systems Acquisition/Development and Maintenance, Access Control.

What does it take to understand my business environment as it relates to security risks and required protection?  How do I succeed?

One key element for determining risk to your data is to ‘KNOW YOU DATA!’

Without elaborating on how to know your data (Data Classification), this alone is a topic for another session, but one that is key to Data Protection.  I will touch upon this topic briefly (my paper on ‘The Plan Before The Plan’ details the need for data classification).

Data is an asset.  It has value. It therefore follows that somebody must own it.

For example, the Federal Financial Institution Examination Council (“FFIEC”) guidelines state that data classification should be an element of an enterprise’s risk assessment process.  Other examples abound, and are continually growing in number.  Virtually every organization has some obligation – from one or more regulatory sources — to ensure that stored data is protected from deliberately or negligently unauthorized disclosure, misuse, or modification.

Such mandates help when identifying the relative value of data.  Every organization must find ways to deploy its resources to protect data.  And you must always make choices: The higher the value, the higher the risk to your organization if that data were to become nonrecoverable.

The reason that most industries are in panic mode for protecting their data, is because of regulatory controls that are driving data protection. If you are in the finance business, along with SOX, you may be held to the GLBA (data privacy) and PCI(Payment card) requirements of how consumer data is to be safeguarded. There are specific controls around PCI alone that are mandated by Visa/Master Card that if not met can result in stopping you from processing Credit Card transactions. PCI has what we call the Dirty Dozen controls list of requirements. Each one of these controls have unique requirements on how you process and store consumer data.  If you are in Health Care in anyway shape or form(Hospital, Business Associate, Doctors Office, Medical billing vendor), you may be held to the HIPPA requirements for protecting patient data.

It all comes down to protecting the data. No matter the industry. If there are regulatory requirements that are the drivers or corporate mandated controls, the same types of mitigation processes will do the job. Buying hardware and software to mitigate against internal and external compromises is the easy part. The hard part will be changing your culture. We don’t do things the same as we did 20 years ago. The business changes and the level of risks also increase. A strong governance body is needed to drive the enforcement of security. Without this piece, there is no need for a security team.  

This is an Information Technology video. We’ll be launching a channel about: IT Best Practices, IT Competitive Advantage, IT Business Value, IT Business Agility, IT Continuity, IT Cloud Computing, IT Business Efficiency, Green IT, IT Sustainability, IT Data Center, IT Employee Productivity, IT Information Security, IT Client Technology, IT Efficiency, IT Innovation
Video Rating: 0 / 5

Technorati Tags: Compliance, Easy, Information, Made, Security

More and more attacks to online banking applications target the user’s home PC, changing what is displayed to the user, while logging and altering key strokes. In order to foil these threats, the IBM Zurich Research Lab has introduced the Zone Trusted Information Channel (ZTIC), a hardware device that can counter these attacks in an easy-to-use way. More information: www.zurich.ibm.com .

Technorati Tags: Channel, Information, Trusted, zone, ZTIC

Kristina, Lena, and I wrote this original song about John Green’s book, Looking For Alaska. Don’t watch unless you want to be spoiled. No, you will not get it if you haven’t read the book. www.youtube.com
Video Rating: 4 / 5

Managing the Human Factor in Information Security: How to win over staff and influence business managers

With the growth in social networking and the potential for larger and larger breaches of sensitive data,it is vital for all enterprises to ensure that computer users adhere to corporate policy and project staff design secure systems. Written by a security expert with more than 25 years’ experience, this book examines how fundamental staff awareness is to establishing security and addresses such challenges as containing threats, managing politics, developing programs, and getting a business to bu

Rating: (out of 1 reviews)

List Price: $ 50.00

Price: $ 28.93

Technorati Tags: after, Before, Green, John, original

Question by Diane B: How can I reaccess my original yahoo mail when my ex messed up my security information?
I’m unable to log into my yahoo mail and my ex- husband messed with my security information and it appears I can no longer log on. If nothing else any recomendations on how to get my address’s from it?

Best answer:

Answer by Q&A ANSWER MAN LOL AT MY TROLLS
That Is Required Information

sorry this is not what you want to hear
but going by the info you just gave me the links below will not help you
but you can try to convince yourself

http://help.yahoo.com/l/us/yahoo/mail/original/account/index.html

the secret question answer,zip code, birth date etc you used when you signed up was to protect your account from hackers
they are a part of yahoo security and required info to make account changes
with out that info you can not get in the account to make changes
the account will be deleted after 4 months of not signing in
you can not retrieve any info in that account
or if you have used your credit card with yahoo in the past you may get the account info you need from yahoo with that info

Create New Yahoo Email Account

you can have many yahoo accounts
sign out of this account
there is a sign out link at the top of this page
click mail
scroll down
then click Don’t Have A Yahoo! ID?
then click Sign Up

(if you had an account in the past and want an id close to the old one
add numbers or letters to the old id or create a different one)

Sign Up

https://edit.yahoo.com/registration?.intl=us&new=1&.done=http%3A//mail.yahoo.com&.src=ym

What do you think? Answer below!

Technorati Tags: Information, Mail, messed, original, reaccess, Security, Yahoo

Question by RuNDmC: Is Information Security/Assurance a good career?
I will have an associates in Computer Information Systems w/t focus in Security…I’m now going to go for a bachelors in information security/assurance…I see their are a lot of jobs needed out their in this career since it’s kind of new on the scene and not many colleges offer it as a major.

Best answer:

Answer by btrue2u04
I feel it is a good career; especially with all the security issues out there.

Add your own answer in the comments!

Technorati Tags: Career, good, Information, Security/Assurance

Americans can gain additional security with life insurance products
September marks the seventh annual Life Insurance Awareness Month, designed to raise awareness and educate consumers about the importance of life insurance coverage and the financial services representatives who are trained to help consumers meet their needs. Life insurance organizations and their representatives observe the occasion by providing information and activities regarding the role of …
Read more on The St. Augustine Record

Technorati Tags: Additional, Americans, gain, Insurance, Life, Products, Security

Question by J W: How much math is involved in becoming a information systems security professional?
I’m a C-5 quadriplegic and I used to be a welder but now I have to reeducate myself, I’ve always been more brawn than brains and I was wondering how much math is involved in becoming an information systems security professional or an AutoCAD technician-if anybody is taking these courses or have any suggestions about what a quadriplegic man could do for a living-I can use all the help I can get.

I pick my own best answers so try to be mature when you answer.

Best answer:

Answer by greenjelloland
To be honest, if math/logic isn’t your strong suit, you do not want to have a career in either computers or engineering.

Just sayin’…

I would take advantage of all the testing they can give you for career re-education at Vocational Rehabilitation. You can find the best area to concentrate on.

Know better? Leave your own answer in the comments!
Principles of Information Security by Whitman & Mattord

US $32.95 End Date: Thursday Sep-09-2010 21:38:54 PDT Buy It Now for only: US $32.95 Buy it now | Add to watch list

Technorati Tags: becoming, Information, involved, Math, much, Professional, Security, Systems