Tag Archives: Security Awareness

The insider is still one of the most vulnerable elements of cybersecurity, and it was the topic of discussion in the recent Modern Workplace webcast on cyber intelligence and the human element.  Insiders are those who are authorized to work on company systems or in company facilities, and they include trusted employees and contractors.  Whether it is through human error, social engineering, or intentional action, insiders are the cause of a significant portion of malware infections, data breaches, information theft, and privacy violations. There are some key strategies you can use to…


Information security is often described using the CIA Triad. CIA stands for Confidentiality, Integrity, and Availability, and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by manipulating data, and availability by deleting data or taking down the systems that host the data. By far, most attacks have been focused on disrupting confidentiality or availability, so defense mechanisms and training have also been…


I welcome you to join me on November 8 at Grace Baptist Church of Westlake for the Untangled Conference.  I will be presenting on security awareness to provide helpful tips and tricks to keep your computer and church network secure.

Untangled Conference – November 8, 2014 – Security Awareness from Eric Vanderburg

December 1 Update: Chris Brown took a photo of the Untangled Conference group which I have attached below:

A recent study by Deloitte, titled Blurring the lines: 2013 TMT global security study, shows that 59% of Technology, Media, and Telecommunications (TMT) companies suffered a data breach.  88% of these companies do not believe that they are vulnerable to an external cyber threat such as hacking.  Rather, the three highest threats were:

Employee errors and omissions
Denial of service (DoS) attacks
Security breaches by third parties

Employee errors and omissions

Awareness is a critical factor here, and Deloitte lists it as one of the top three security initiatives of…


Here is a fact that many of us would like to forget.  Most data theft occurs by insiders.  This is often termed the insider threat or the human threat.  Insiders are the people who would usually be considered very trustworthy.  However, all it takes is some incident or life change to occur that can motivate someone to commit a crime. An evaluation of cases of insider theft has provided statistics useful in identifying the types of employees who are most likely to threaten information security.  Surprisingly, it’s not the underpaid computer…


Every once in a while, a web site will try to convince you to change your security settings.  I was looking for blinds the other day, and I found a web site that had a great deal.  When I tried to customize the blinds, I was presented with this web page informing me that I needed to modify my cookie settings for first and third-party cookies for the site to work. I tried the site in a few browsers, and this page came up each time I tried to modify…


JURINNOV is pleased to announce the release of an important and timely white paper, “Developing a Security-Oriented Corporate Culture.” Organizations that do not develop a security-oriented corporate culture are risking fraud, loss or misuse of data, and even legal responsibility when information is compromised, according to the new white paper written by Eric Vanderburg of JURINNOV.

Eric, Director of Information Systems and Security at JURINNOV, wrote the white paper as a means of informing clients that corporate culture is a vital aspect of information security. Readers will benefit from his detailed analysis, which is available free online.

As the white paper makes clear, “the greatest security initiative may fail because of an incompatible corporate culture.”


Historically, ecological concerns have been significant drivers for change.  Topics ranging from global warming to protecting various species carry a strong emotional appeal, thus motivating business and personal change with the ultimate goal of protecting the environment.  These environmental initiatives have been termed “green initiatives,” and they impact IT in the form of “green computing.”  The popularity of green computing initiatives stems not only from environmental concerns but also from financial concerns. A primary goal of many green computing initiatives is to reduce power consumption as this has…


For more than a decade, computer-generated digital certificates have made it possible to authenticate the identity of computer systems, data, and web sites by connecting a public key with an identity such as an owner’s name.  The process relies on trust.  “Secure” websites utilize such a certificate to validate their identity.  This digital certificate is usually procured from a company that will verify the identity of the company administrating the site.  The digital certificate issued to them will be validated by a trusted root certificate authority or by a…


Gerald Wilde had a theory called risk homeostasis.  This theory hypothesizes that people have a level of acceptable risk.  When they perceive that there is less risk, they will take more risky actions to bring them to an acceptable level and when they perceive more risk, they will be more cautious.  Information security is very concerned with managing risk and reducing it to an organizationally acceptable level.  However, an organization is made up of many people and they may have a different level of acceptable risk than the organization does. …
