Insider Threats - Infoworld http://www.infoworld.com/t/2108 en Protect your source code before it's too late http://www.infoworld.com/d/security/protect-your-source-code-its-too-late-239537?source=rss_insider_threats <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/virus_code_hp.jpg" alt="Protect your source code before it's too late" width="243" height="182" align="right" /></div> <p>It's one of the great computer security lessons.</p> Security Application Security Hacking Insider Threats Security Tue, 01 Apr 2014 10:00:00 +0000 Roger A. Grimes 239537 at http://www.infoworld.com RIP, information security, done in by backdoors and secret deals http://www.infoworld.com/d/data-center/rip-information-security-done-in-backdoors-and-secret-deals-233989?source=rss_insider_threats <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking.jpg" alt="RIP, information security, done in by backdoors and secret deals" width="243" height="182" align="right" /></div><p>Another day, another revelation about massive government data collection on citizens domestic and abroad, including (but not limited to) phone calls, Internet transactions, backdoors in encryption algorithms, man-in-the-middle att</p> Data Center Insider Threats Security Tools Data Center Security Mon, 13 Jan 2014 11:00:00 +0000 Paul Venezia 233989 at http://www.infoworld.com Trade secrets protection set to get tougher http://www.infoworld.com/t/insider-threats/trade-secrets-protection-set-get-tougher-229060?source=rss_insider_threats <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/code_gavel_hp_0.jpg" alt="Trade secret protection set to get tougher" width="243" height="182" align="right" /></div><p>Momentum is building for federal legislation protecting trade secrets, an intellectual property attorney said at a Silicon Valley seminar on Thursday.</p> Security Federal Regulations Intellectual Property Insider Threats Fri, 18 Oct 2013 11:32:41 +0000 InfoWorld Tech Watch 229060 at http://www.infoworld.com Lawmaker: Snowden may have had help with leaks http://www.infoworld.com/d/security/lawmaker-snowden-may-have-had-help-leaks-228198?source=rss_insider_threats <p>Edward Snowden may not have acted alone, and may have had outside assistance, when he leaked information about the U.S. National Security Agency's data collection and surveillance programs earlier this year.</p><p>Snowden's access to information he shouldn't have known existed raises questions about whether he had help in collecting information about NSA programs, Representative Mike Rogers, a Michigan Republican and chairman of House Intelligence Committee, said Thursday.</p> Security Edward Snowden Data Security Insider Threats Internet Privacy Government Fri, 04 Oct 2013 12:15:26 +0000 ccraig 228198 at http://www.infoworld.com Beyond honeypots: It takes a honeytoken to catch a thief http://www.infoworld.com/d/security/beyond-honeypots-it-takes-honeytoken-catch-thief-216467?source=rss_insider_threats <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Hacking3.jpg" alt="Beyond honeypots: It takes a honeytoken to catch a thief" width="243" height="182" align="right" /></div><p>Last week I talked about <a href="http://www.infoworld.com/d/security/no-honeypot-dont-bother-calling-yourself-security-pro-216038">the importance of deploying honeypots</a> to catch malicious hackers and malware.</p> Security Cyber Crime Hacking Insider Threats Security Tools Security Tue, 16 Apr 2013 10:00:00 +0000 Roger A. Grimes 216467 at http://www.infoworld.com No honeypot? Don't bother calling yourself a security pro http://www.infoworld.com/d/security/no-honeypot-dont-bother-calling-yourself-security-pro-216038?source=rss_insider_threats <div id="blog-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/honeypot_bee_hp.jpg" alt="No honeypot? Don't bother calling yourself a security pro" width="243" height="182" align="right" /></div><p>I'm constantly amazed by how many companies don't bother running honeypots, despite evidence that they're incredibly high-value, low-noise defense assets.</p> Security Insider Threats Intrusion Detection Vulnerability Assessment Security Tue, 09 Apr 2013 10:00:00 +0000 Roger A. Grimes 216038 at http://www.infoworld.com 5 places your data goes to hide http://www.infoworld.com/d/security/5-places-your-data-goes-hide-210800?source=rss_insider_threats <p>"Information wants to be free" is a gross understatement.</p> <p>Enterprises blanket their systems with security in the attempt to saturate every data repository with protection. Organizations affirm the logic of layering everything from access management to security zones to safeguard information assets. Yet, somehow, data still leaks. Real world exposure occurs virtually on a day-to-day basis.</p> Security Data Loss Prevention Insider Threats Office Software Intrusion Detection Network Security Tue, 15 Jan 2013 11:00:00 +0000 admin 210800 at http://www.infoworld.com Swiss intelligence insider may have swiped U.S. counterterrorism data http://www.infoworld.com/t/insider-threats/swiss-intelligence-insider-may-have-swiped-us-counterterrorism-data-208885?source=rss_insider_threats <div id="tw-edit" style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/IFW_Security_RISK_cuffs.jpg" alt="Swiss intelligence insider may have swiped U.S. Security Insider Threats Tue, 11 Dec 2012 11:00:00 +0000 InfoWorld Tech Watch 208885 at http://www.infoworld.com Secure or not? 10 spot checks will tell you http://www.infoworld.com/d/security/secure-or-not-10-spot-checks-will-tell-you-197928?source=rss_insider_threats <p>I don't know about you, but I can tell in about a minute how much someone I've just met knows about computers, networks, and security. It's in what they say, how they respond, and what they think about particular subjects. I bet most of you can do the same. And like me, I bet you've found these first impressions to be surprisingly accurate.</p> Data Center Security Authentication Log Analysis Insider Threats Network Security Password Security Patch Management Security Tue, 17 Jul 2012 10:00:00 +0000 Roger A. Grimes 197928 at http://www.infoworld.com Slimeball boss learns you don't mess with IT http://www.infoworld.com/t/it-jobs/slimeball-boss-learns-you-dont-mess-it-197408?source=rss_insider_threats <p>Honesty is always the best policy -- unless, it seems, you work in the upper echelons of the corporate world, in which case all too often <a href="http://www.infoworld.com/t/information-technology-careers/7-dirty-consultant-tricks-and-how-avoid-them-165">honesty becomes optional</a> based on cost analysis and the impact on the bottom line. They usually get away with it. But not always.</p> <p>Case in point: The events of the summer of 2008 when I worked for the world headquarters of a well-known corporation. As it happened, most of the senior managers were based at the same site.</p> Computer Hardware Security your IT tales Access Control IT Jobs IT Management IT Training Laptop PCs Tech Support Insider Threats Wed, 11 Jul 2012 10:00:00 +0000 Anonymous 197408 at http://www.infoworld.com Cisco's ugly bait and switch http://www.infoworld.com/d/data-center/cisco-shows-true-face-in-ugly-bait-and-switch-197074?source=rss_insider_threats <p>You may have heard about Cisco's shenanigans last week, in which an automatic firmware update for several models of the company's Linksys home wireless routers <a href="http://www.computerworld.com/s/article/9228687/Linksys_firmware_upgrade_for_Wi_Fi_routers_angers_some_users" target="_blank">forced users to create and log into a Cisco cloud service account to manage their router</a>. In addition, some previously available functionality disappeared in the update. I cannot fathom how a company whose reputation is built on its tech savvy could concoct such a disaster of a scheme.</p> Data Center Networking Security Cisco Systems Network Router Firewall Insider Threats Security Mon, 09 Jul 2012 10:00:00 +0000 Paul Venezia 197074 at http://www.infoworld.com Security swallows the CEO http://www.infoworld.com/t/it-jobs/security-swallows-the-ceo-196964?source=rss_insider_threats <p>In an era when <a href="http://www.infoworld.com/t/hacking/hacker-group-demands-idiot-tax-payday-lender-195964">security breaches hog the headlines</a> and companies scramble to <a href="http://www.infoworld.com/d/security/the-two-most-feared-attacks-and-how-avoid-them-196351">protect corporate data</a>, in some ways I'm grateful to work for a CEO who emphasizes the need for security. But there are drawbacks.</p> Computer Hardware Data Center Security your IT tales Data Center Design IT Jobs IT Management IT Training Data Security Servers Hacking Insider Threats Thu, 05 Jul 2012 10:00:00 +0000 Anonymous 196964 at http://www.infoworld.com Download the Insider Threat Deep Dive Report http://www.infoworld.com/t/insider-threats/download-the-insider-threat-deep-dive-report-193502?source=rss_insider_threats <p>Insiders are responsible for as much as 80 percent of malicious attacks. Because insiders are trusted by nature, detecting their illicit activities requires an array of monitoring, scanning, and other techniques. Roger Grimes, an InfoWorld contributing editor -- and a working security professional who tracks down unscrupulous insiders -- explains how to plan and execute a complete insider threat strategy.</p> <p>In this Deep Dive special report, InfoWorld takes you through the three stages of dealing with insider threats:</p> Open Source Software Insider Threats IDG Insider Fri, 18 May 2012 10:00:00 +0000 uphan 193502 at http://www.infoworld.com Will the real security threat please stand up? http://www.infoworld.com/t/cringely/will-the-real-security-threat-please-stand-189369?source=rss_insider_threats <p>This week saw two somewhat conflicting reports on our current state of insecurity. The news ain't good, but it's better than you might expect.</p> <p>First up, Verizon released its eighth annual <a href="http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012-press_en_xg.pdf" target="_blank">Data Breach Investigations report [PDF]</a>. The star of this report: our <a href="http://www.infoworld.com/t/cringely/tinker-tailor-coder-spy-anonymous-strikes-again-185696" target="_blank">old friends Anonymous</a>.</p> Security Cringely Data Loss Prevention Data Security Hacking Insider Threats Fri, 23 Mar 2012 18:34:50 +0000 Robert X. Cringely 189369 at http://www.infoworld.com 6 tips for secure cloud shopping http://www.infoworld.com/t/cloud-security/6-tips-secure-cloud-shopping-189023?source=rss_insider_threats <div style="padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px;"><img src="http://www.infoworld.com/sites/infoworld.com/files/media/image/Cloud_Security_hp.jpg" alt="6 tips for secure cloud shopping" width="243" height="182" align="right" /></div><p>Cloud service providers are taking advantage of buyer ignorance about cloud security, pushing tantalizingly low-cost service contracts that don't meet prospective customers' security needs.</p> Cloud Computing Security Cloud Security Endpoint Protection Insider Threats Tue, 20 Mar 2012 10:00:00 +0000 InfoWorld Tech Watch 189023 at http://www.infoworld.com Most organizations take months -- or years -- to discover a breach http://www.infoworld.com/d/security/most-organizations-take-months-or-years-discover-breach-187715?source=rss_insider_threats <p>Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.</p> Security Authentication Data Security Hacking Insider Threats Thu, 01 Mar 2012 12:36:10 +0000 admin 187715 at http://www.infoworld.com Mobile data privacy is terra incognita to users and developers http://www.infoworld.com/d/mobile-technology/mobile-data-privacy-terra-incognita-users-and-developers-187262?source=rss_insider_threats <p>President Obama's move Thursday to establish a so-called Privacy Bill of Rights for the Internet can be seen as the consolidation of decade-long efforts by disparate groups to improve privacy protections via countless browser add-ons, settings, and privacy policies. But while it's possible to guard privacy on the desktop, the rapidly growing mobile space is still the Wild West, with an almost endless landscape of privacy pitfalls that challenge even the most vigilant consumer.</p> Mobile Technology Security Mobile Apps Mobile Security Insider Threats Thu, 01 Mar 2012 11:00:00 +0000 admin 187262 at http://www.infoworld.com Federal Reserve contractor charged with source code theft http://www.infoworld.com/d/security/federal-reserve-contractor-charged-source-code-theft-184559?source=rss_insider_threats <p>A U.S. Federal Reserve contractor has been charged with copying the source code of software that keeps track of large exchanges of money between U.S. government agencies.</p> <p>Bo Zhang, who lives in Queens, New York, worked for the Reserve Bank of New York as a computer programmer on behalf of an unnamed third-party contracting firm. He was arrested Wednesday and released on $200,000 bail. He faces up to 10 years in prison and a $250,000 fine.</p> Security Insider Threats Thu, 19 Jan 2012 20:10:46 +0000 admin 184559 at http://www.infoworld.com IBM software eases role-based security operations http://www.infoworld.com/d/applications/ibm-software-eases-role-based-security-operations-183980?source=rss_insider_threats <p>IBM this week announced an identity-management analytics tool that eases what can be a tedious job for information-technology managers -- defining roles for employees in order to establish policy-based access to a network and application resources.</p> <p>The software called "Security Role and Policy Modeler" has been added to the IBM Security Identity Manager suite, IBM's flagship product for policy-based access management and governance.<a href="http://www.networkworld.com/news/2012/011112-ibm-patents-254787.html?hpg1=bn"></a></p> Applications Security IBM Access Control IT Management Authentication Insider Threats Thu, 12 Jan 2012 17:57:58 +0000 admin 183980 at http://www.infoworld.com Secondhand networks and back-alley firmware http://www.infoworld.com/d/data-center/secondhand-networks-and-back-alley-firmware-181975?source=rss_insider_threats <p>When it's time to update firmware on, say, a router or a switch, the vast majority of folks head to the vendor site and grab whatever version they need, easy-peasy. But a large and growing number of admins don't have that luxury because the vendor requires paid support contracts to access those files -- and, in many cases, will only allow access to firmware for hardware covered under those contracts.</p> Data Center Networking Network Architecture Network Management Network Router Network Switch Insider Threats Networking Mon, 19 Dec 2011 11:00:00 +0000 Paul Venezia 181975 at http://www.infoworld.com