Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

What, Me Worry? Car Data, Where Does It Go... →

February 25, 2018 by Marc Handelman in Data Classification, Data Leakage, Data Driven Security, Data Science, Data That Wants To Be Big, Database Security, Information Security

Where does all of that data gathered by car manfacturers while we drive? Perhaps Jonathan M. Gitlin, reporting for everyone's beloved Ars Technica can fulfill that data request in a speedy manner! Shouldn't the driver/owner of the vehicle make that decision? Enjoy.

February 25, 2018 /Marc Handelman
Data Classification, Data Leakage, Data Driven Security, Data Science, Data That Wants To Be Big, Database Security, Information Security

Clouding Up →

June 01, 2017 by Marc Handelman in All is Information, Data Classification, Data Driven Security, Data Leakage, Data Security, Espionage, Government, Information Security, Information Technology, USNGA

via Gizmodo investigative reporter Dell Cameron, comes the astounding news of the systemic incompetence in properly handling secret documents and other artifiacts stored within the cloud (in this case, AWS S3 Buckets) by a well established contractor to the National Geospatial-Intelligence Agency (NGA). Certainly, a first-rate example of an Expanding Cloud of Lethal Stupidity (ECOLS).

Where does the organization in question fall within the Noel Burch Hierarchy of Competence model?. Should the culprits in this scenario be prosecuted? You be the judge. Truly astounding, indeed.

"A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton, one of the nation’s top intelligence and defense contractors. What’s more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance." - via Gizmodo reporter Dell Cameron

June 01, 2017 /Marc Handelman
All is Information, Data Classification, Data Driven Security, Data Leakage, Data Security, Espionage, Government, Information Security, Information Technology, USNGA

BSidesCincy 2015, The Value of a Simple DLP Program →

August 06, 2015 by Marc Handelman in All is Information, Data Loss Prevention, Data Security, Data Classification, Data Driven Security, Database Security, Information Security
August 06, 2015 /Marc Handelman
All is Information, Data Loss Prevention, Data Security, Data Classification, Data Driven Security, Database Security, Information Security

Crumbs, Data Breadcrumbs →

April 23, 2015 by Marc Handelman in All is Information, Data Classification, Database Security, Data Security, Information Security, Data Driven Security
April 23, 2015 /Marc Handelman
All is Information, Data Classification, Database Security, Data Security, Information Security, Data Driven Security
TS.png

Exactly →

December 02, 2014 by Marc Handelman in All is Information, Data Security, Database Security, Information Security, Infosec Policy, Security Governance, Data Classification

In a tour de force screed, published at InfosecIsland, Steve Martino, details exactly what is required for data classification to succeed, and the impact of that classification effort on an organization's information security posture. (Mr. Martino is CISCO Systems, Inc. (NasdaqGS: CSCO)  CISO and VP of Information Security.)

December 02, 2014 /Marc Handelman
All is Information, Data Security, Database Security, Information Security, Infosec Policy, Security Governance, Data Classification