Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Newest First  |  Oldest First  |  Threaded View
hykerfred
hykerfred,
User Rank: Apprentice
10/10/2017 | 7:19:25 AM
Strong end-to-end data life cycle encryption
A complicating issue that you briefly touch upon is about data ownership. When partners share data, how do you maintain control? Or if you are part of a system of systems, like e.g. a smart city application, where you provide data "upwards" in the system hierarchy, but you still want to control it so that it doesn't leak to your competitors "sideways"? Or you want to have different pricing on specific data elements depending on usage and users in this ecosystem of systems?

I strongly believe in encryption as the mechanism that needs to be fully implemented, as you point out. A good granular and distributed encryption model that can handle the complicated key sharing needed can also solve many of the other issues I mention.
REISEN1955
REISEN1955,
User Rank: Ninja
10/9/2017 | 3:08:24 PM
Human Resource
The rules of an HR department share in this --- and some departments interface badly with the IT sector.  In a position I left in July of this year, i still had access to email (potentially everything) for about 2 weeks.  The insider threat is very real when it comes to terminated employees, who find any number of reasons to take whatever they can before being walked out of the door.  And HR policies can be awful.  When someone is fired or let go, RULES should come into effect RIGHT THEN AND THERE.  Inventory clean up, preservation of data, legal hold, and elimination of login and access rights WITHIN 30 MIN if possible.  


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32915
PUBLISHED: 2022-12-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-43864
PUBLISHED: 2022-12-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-43865
PUBLISHED: 2022-12-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-43866
PUBLISHED: 2022-12-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.
CVE-2021-43867
PUBLISHED: 2022-12-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.