Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun & Bradstreeet. Both of these organizations aggregate and sell consumer and business PII.
When PII is misrepresented, the experience for the true PII owner can range from unsettling to pure exasperation due to the fact that the victim’s virtual identity must be reclaimed and a consistently proven remediation roadmap still does not fully exist. A recent survey estimated that in 2012 over 12 million Americans were the victims of identity theft.
Fortunately, in addition to the standard PII definition a majority of states –such as California’s Penal Code §530.55 - now include credit card numbers and even computer media access control (MAC) addresses. The comprehensive definition and accompanying legislation is giving law enforcement the ability to charge suspects with identity theft and aggravated identity theft, but individuals still need to be aware of the risks and respond accordingly.
Below are five realistic almost universal U.S.-centric identity theft risk factors followed by guidance on proactively saving you those precious resources – time and money.
1. You don’t control your PII. Read More »
Tags: ATM, credit cards, Dun & Bradstreet, fraud, ID theft, identity theft, LexisNexis, personally identifiable information, PII, risk, TRAC
I hear so much lately about innovation with virtually every company claiming that they are innovative. Is that really true, or is it yet another over used buzz word that has no substance? I personally see little true innovation, just claims of being innovative (who would say otherwise, right?). One way to determine if innovative is actually taking place is to ask yourself a few questions:
- Are you scared (just a bit)?
- Do you have more skeptics than advocates?
- If you fail, are there repercussions?
- How do you define failure?
- How much permission did you need to execute?
I especially like the skeptics vs. advocates question. It directly correlates to a safe zone that is easy to fall into. It’s where little innovation can take place -- a black hole. Some of the best outcomes have occurred when there were few supporters (until it succeeded). Read More »
Tags: continuous innovation, ideation, innovation, leadership, marketing, risk
In a previous blog, I posted the first of three pitfalls of hitching your wagon to the cloud . Today, let’s cover the second pitfall of force fitting cloud into your current security model.
Recently, I had an opportunity to listen to the CIO of a Fortune 100 company talk about top business care-abouts for IT. We have all heard about cloud and virtualization as technology care-abouts, but this CIO boiled it all down to two things that matter for IT: Productivity and Risk. Read More »
Tags: ASR_1000, CIO, cloud, Hybrid Cloud, ISRG2, IT, risk, security, vpn, WAN
Feel the fear and do it anyway is a commonly used phrase when trying to persuade someone to try something new. It may seem like a cliché but taking risks can actually bring great rewards.
A friend of mine has recently returned from volunteering in Asia. Someone who is normally afraid of spiders at home chose to live and work in the middle of the jungle. She slept in a hammock, had to regularly check her sleeping bag for scorpions and lived side-by-side with a whole host of dangerous insects and animals with only 12 other people around her. The task was not only physical but mentally very challenging as well.
I’m pleased to report that she survived, and not only that, she loved it! She wasn’t the only one taking on the new challenge, people from several countries and all walks of life chose to volunteer and work together as part of a team. They went into the unknown, becoming friends with people they would never normally meet back home and putting their all into whatever work was presented to them. The results, my friend says, were remarkable and the experience will stay with them for the rest of their lives.
Read More »
Tags: diversity, inclusion, Inclusion and Diversity, risk, volunteering
Mark Twain once wrote, “Everybody complains about the weather, but nobody ever does anything about it.” Security policy is a lot like that. Creating a security policy is at the top of the list for anyone looking to really secure their network. But the devil is in the details.
Among the things a security policy needs to cover are:
- All users
- All physical and virtual devices
- All access methods
- All resource classifications and locations
- All compliance requirements
- All of the OSI layers, from the physical layer up the stack to the application layer
- AND the policy needs to be applied uniformly across the entire distributed enterprise
Read More »
Tags: identity, Identity Services Engine, ISE, policy, risk, security