Occam’s razor states, “All things being equal, the simplest solution tends to be the best one.” When this is applied to data classification, making everything private and confidential sounds like the best option. The best policy I’ve seen says that all bank information (customer information, policies, procedures, contact lists, employee numbers, network diagrams, etc.) is not to be shared with anyone. This saves the bank time and resources by not trying to define what can be shared within the bank or with outside parties and just says that everything is private and confidential to the bank. But more importantly, it prevents people with malicious intent from getting information that could be useful to socially engineer or hack into bank systems. Some banks would be surprised to see how much damage a social engineer could do with just an employee contact list, like calling around until he can finagle a password out of an employee.
-
Maxed Out | Movie about Debt
A new movie is coming out in some indie theatres at the beginning of March, and I definitely want to try to catch it. It is playing here in Dallas at the Inwood Theatre, but I’ll be out of town, but it looks like it’s playing there on the same day! Lucky me.
-
E-Review Update!
The E-Review process is going great! For those of you who haven’t had the pleasure of interacting with your IT consultants via video conferencing, you are missing out. Our clients really think it’s appropriate for the 21st Century and one of them is actually working on implementing a video conferencing setup because our review went so well.
-
Webinar – Benefits of Virtualization and the Compliance Behind It
Thanks to all who were able to attend our webinar last Friday on Benefits of Virtualization and the Compliance Behind It. If you want the slides for the presentation, you can download the PDF here.
-
Government fails to release patch for human firewall…
I believe it’s been over a year since I last wrote on this topic, but as is evidenced by this article and the recent Treasury report, Social Engineering is every bit the problem it’s been since long before Mitnick made it famous.
-
Social Networks Security | Value is too great to shut down
For any social service that attracts 350 million users, there are always going to be spammers and hackers that attempt to abuse its users. However, I appreciate Cluley’s comments that, despite that, the business value is still too great to just block access.
-
Ideas Meetings | Our 1st Attempt
So ever since Mark and I got back from BarCampBankSeattle and discovered what a ‘BarCamp’ is all about, I have been wanting to do something similar within our company: to have a creative/idea session of sorts. We were finally able to get most of us in the office (Roz called in from New Mexico via video Skype) and have our first internal barcamp of sorts yesterday.
-
Is RiskKey secure?

This is a question we receive often. Security is part of the DNA of The Garland Group, so it is of our utmost concern. And, as a Security Consultant, I can assure you that the answer to the question is very near and dear to my heart. So what is the answer? In a word… Yes.
RiskKey resides on Amazon’s AWS platform and is managed through EngineYard. Amazon AWS recently completed a SAS70 Type II review. The scope included a review of AWS’ operational performance and information security controls. While Amazon cannot release this information publicly (for obvious reasons), the independent audit firm did give the controls a favorable opinion. EC2 is the specific AWS offering used, which further protects your data by ensuring that network traffic within the EC2 cloud cannot be intercepted or spoofed.
