Improving Data Security (Especially Medical)

We know the problems with the Anthem Breach: no encryption But does it mean you should encrypt your data?   What does it mean to “encrypt the data” What if your data is “stolen” with correct credentials, i.e. if someone has  the username and password then it is over, whether the data is encrypted matters … Read more

Why is Pentesting Needed?

Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more

Why #cybersecurity breaches? Insanity is cause

Is there something fundamentally wrong with our thinking? Anthem is only the latest victim of the multiple victims last year. Over 1 Billion records were breached or stolen in 2014 and human error or accidents are  the cause 25% of the time (Network World story). “Mega breaches are the defining trend, exposing tens of millions … Read more

SSL security is no longer PCI compliant

As you may know SSL is the security standard upon the encrypted Internet was first built. the Secure Socket layer is no longer secure though. If you read our POODLE (Padding Oracle On Downgraded Legacy Encryption)post: http://oversitesentry.com/the-sslv3-vulnerability-fix-and-explanation/ It showed the current reality of SSLv3 (the latest version) is no longer secure. And thus it is … Read more

Is Cloud Computing Secure?

Moving to the Cloud is important for the “next” level of IT in the board room(the Chief xO’s and directors…)   all you need is a browser in “the cloud”   Why? Now we can have  computing at our desktops and mobile devices without the local infrastructure. We don’t need those specialist IT people (I … Read more