Category: Data Protection

  • Q & A with GDPR Expert: What to know about Privacy and Security for IoT Devices

    Posted on July 13, 2018 by Sally Guenette

    This blog post lists the questions raised during TUV Rheinland OpenSky’s recent webinar: Approaches to Privacy and Security for IoT Devices in a GDPR World. For a recording of the webinar, please click here.
    Questions and Answers
    Question 1: Is GDPR targeting small to medium-sized companies?

  • Phishing your way Past Multi-Factor Authentication

    Posted on July 24, 2017 by Charles Worrell

    Let’s say an attacker gains access to a valid set of employee credentials. If you don’t have multi-factor authentication (MFA) in place, the attacker has hit the jackpot. They can quickly authenticate against any publicly available asset that accepts the compromised username and password.

    But what if you do have MFA in place? You have a federated single-sign-on portal as the gatekeeper to your sensitive public assets, and it’s protected with MFA.

  • Ensure Weak Identity Assurance Isn’t Hurting Your Investments in Strong Authentication and Leaving You Exposed to Cyber-Attack

    Posted on April 11, 2017 by Mark Coderre

    The weakest link in the identity chain is moving from authentication to identification, a shift typical of compliance-driven programs emphasizing authentication, and recognized by the newly drafted National Institute of Standards and Technology (NIST) eAuthentication standard. The NIST 800-63-A, B, & C guidelines cover identity enrollment, proofing, authentication, and federation.

  • Sound Security Architecture is the Key to Digital Identity Assurance

    Posted on February 1, 2017 by Seth Art

    The weakest link in the identity chain is no longer authentication; it has moved!

    The identity chain has many links (Identify, Provision, Authenticate, Federate, Manage, De-Provision), and for years the reliance on passwords has made authentication the weakest link. The use of passwords for user authentication is often the one piece of the cyber security system whose creation and safety is left in the hands of its users, rather than being entrusted to its designer and administrators.

  • Six Steps to an Effective Incident Response Exercise

    Posted on September 2, 2016 by Mark Coderre

    Incident Response drills shouldn’t be viewed as overhead, or a discretionary spend, because a poorly executed response to a cyber security incident translates to material financial, regulatory, and reputational costs for your organization.

    Effective incident response requires preparation; this includes not only preventing incidents, by ensuring that systems are secure, but also establishing an incident response capability so that you’re confident your organization is ready to respond.