Cisco Blogs


Cisco Blog > Security

Summary: Friend or Foe? When IoT Helps You Get Hacked by Your Security

Businesses of all types and sizes stand to benefit greatly from the Internet of Things (IoT), with a wealth of intelligence for planning, management, policy, and decision-making that will help them maximize productivity and efficiency while minimizing costs. However, if not properly protected by integrating it with a solid network security solution, the consequences can be devastating. Read More »

Tags: , , , , , , , ,

5 of 9 HIPAA Network Considerations

Over the last several weeks, I’ve been posting a blog series around nine HIPAA network considerations.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Ignorance is not bliss
  5. Risk Assessment drives your baseline
  6. Risk Management is continuous
  7. Security best practices are essential
  8. Breach discovery times: know your discovery tolerance
  9. Your business associate(s)must be tracked

This week we focus on #5 – Risk Assessment drives your baseline.

Read More »

Tags: , , ,

Friend or Foe? When IoT Helps You Get Hacked by Your Security

IoT Needs Physical and Network Security 4Earlier this year, the number of connected devices reached the 10 billion mark, surpassing the world’s human population, and experts expect that number to reach 50 billion over the next two years. This phenomenon, known as the Internet of Things (IoT), comprises a highly distributed model of connected objects, devices, and sensors that are used to communicate data. Everyday products can then use that data to analyze, plan, and make intelligent decisions. While IoT promises to fundamentally change our daily lives, arguably the most significant impact of IoT will be to the business world.

While consumers will enjoy new levels of connectivity with IoT, businesses will receive the lion’s share of the benefits. IoT will usher in a wealth of intelligence that businesses can use for planning, management, policy, and decision-making that will help them maximize productivity and efficiency while minimizing costs. In fact, some of these business applications already exist. For example, by connecting their cameras to the network, retailers can use analytics tools that can help them improve customer service, understand traffic patterns, and enhance inventory decisions. Read More »

Tags: , , , , , , , ,

Attend the 2013 PCI Community Meeting for the Latest Core PCI Standards

The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The 2013 meeting will focus on the updates to core PCI standards: PCI DSS, PTS PA-DSS.

Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the seventh annual PCI SSC North American Community Meeting. The meeting runs September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada.

Read More »

Tags: , , ,

BREACH, CRIME and Black Hat

During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a brief overview of the attack at the following blog post:
http://blogs.cisco.com/security/beat-the-beast-with-tls

In 2012, again at the ekoparty Security Conference in Buenos Aires, Rizzo and Duong revealed a compression side-channel attack against HTTPS called CRIME. This year at Black Hat USA, Angelo Prado, Neal Harris, and Yoel Gluck uncovered a new attack and a tool they called BREACH, which is based on some of the previous research by the folks behind CRIME.

Read More »

Tags: , , ,