Category: Uncategorized
-
A Complete Guide to the Information Security Lifecycle
When it comes to the safety of your data and technology systems, it’s vital that your organization recognizes the reality of the “information security lifecycle.” By its very name, the info security lifecycle indicates that true information security is a process, not a “one and done” solitary project. Information security has no end-point, and your operational framework should always strive to acknowledge that fact.
At Vala Secure, we use a lifecycle model that serves as a useful baseline to help build a solid foundation for any security program across any type of organization and industry focus. Using the lifecycle model can provide you with a road map to ensure that your information security is continually being improved.
-
What are the different types of security penetration testing?
Security penetration testing (also known as pen testing) is often mixed up with the concept of vulnerability scanning for a corporate network. To clarify, vulnerability scanning is simply when cybersecurity professionals assess digital infrastructure and systems to find points of potential access or vulnerability.
-
Data Losses: Cardsystems Takes a Bullet After Breach
From Bank Technology News:
-
What Does an IT Audit for a Healthcare Organization Look Like?
As a healthcare provider, it’s essential that your information security is top notch. The Health Insurance Portability and Accountability Act (HIPAA) requires all organizations in the healthcare industry to take steps to keep their patient data safe. Are you doing enough to prevent a breach?
-
Common Forms of Social Engineering Attacks
Imagine: You receive an email from your company payroll department. The email confirms your request to change your direct deposit details for your most recent paycheck. You see that the paycheck has been deposited into a new account. The message indicates that your account has been successfully updated. One problem — you never submitted such a request. Racking your brain, you wonder if you somehow forgot making that request. A quick scan of your sent emails does not help. However, you think about an email you received maybe a few weeks ago. You find it in your Deleted Emails folder. Using suspicious grammar, the email vaguely refers to your company and the payroll department. Even though you opened it, you knew not to click on any links within the obviously fraudulent message and immediately deleted it, confident that you avoided another scam. Although you spotted this phishing attempt, someone in your payroll department clearly did not.
-
Law firm cybersecurity threats to keep aware of
Watch almost any movie from the 90s or early 2000s dealing with computers and you will see a highly stylized version of “hacking”. The scene will probably feature a t-shirt or hoodie-clad “hacker” sitting in a basement, surrounded by computer screens and green text. Cut to a closeup of the hacker furiously typing while green text scrolls down the monitor at an equally rapid rate. Suddenly, we hear a ping and an excessively large notification window appears, signaling that the hacker has succeeded. Depending on the movie, the hacker will use his powers for either good or evil.
-
No-Hack Web Filter Bypass
Most companies understand the value in a good web filter, and most employees appreciate the frustration that the web filter creates by blocking access to some of their favorite sites. As IT professionals, we understand the risks introduced by allowing a trusted machine inside our network to access certain social media sites and others that are known to contain spyware, adware and a litany of other bandwidth-robbing malware.
Beyond the risks introduced through ‘infection’, web filters also have been shown to increase productivity by restricting access to time-wasting sites that fall into the category of gaming and shopping. Just 30 minutes of mindless surfing a day, when multiplied by 50 employees, adds up over the course of the 40-hour work week.
-
Why is the 80/20 Rule Important in Cyber Security Practices?
Cyber security may be a newer, more complex field, but it actually shares many common rules with other industries. One of these is the “Pareto principle,” which dictates that 80% of the effects come from a mere 20% of causes. In other words, this means that the distribution of cause and effect can be (and usually is) uneven, and learning your way around this can be vital for any business.
-
Policies, Procedures, and Starbucks
What is a policy? What is a procedure? To many this can be a deceptively confusing topic. What is the difference between the two? Where do you draw the line? These are strangely important questions, and the answers can affect your workload in a very real way. So how do we cope? Well… we have two options:
