information security

Through decades of acquisitions, Cisco has gained the expertise and experience to make M&A seamless and successful by making cybersecurity a priority throughout the integration process.

Organizations that engage in M&A should include an information security strategy as part of the process.

Cisco Spark is now ready for use in healthcare consistent with customer needs for HIPAA, a U.S. healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information.

Classifying and compartmentalizing information has been around within the Department of Defense before it was even called the Department of Defense. However, as DOD information that was once secured in vaults and safes has become digital data, many new regulations have been introduced that mandate how this data should be processed and handled. These regulations […]

In Greek mythology, Sisyphus was a trickster king cursed with the eternal torment of fruitless labor. As punishment for his hubris and wile, Zeus condemned this hapless figure to the unending task of pushing a boulder up a mountain. Once he reached the top, the boulder would fall back down. And he would begin again. […]

In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees' awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks to gain access to a user's system before launching further attacks at internal targets. As such, if employees are vigilant against such attack patterns, we should effectively reduce the risk of successful APT attacks involving email phishing.

Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, […]

Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment. One of the challenges information security management teams […]

Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment. Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is […]