InfoSec Blog

Using Computer Forensics to Investigate Employee Data Theft

May 1, 2017

Timothy Opsitnick, Joseph Anguilano and Trevor Tucker Over 25 percent of employees steal proprietary data when departing a company or organization, according to a recent study by Biscom.  To that end, our experience shows that departing employees have a sense of ownership over the data that they copy.  Intellectual property commonly stolen includes customer lists, […]

Continue Reading »

Developing a Security-Oriented Corporate Culture

September 16, 20160 Comments

JURINNOV is pleased to announce the release of an important and timely white paper, “Developing a Security-Oriented Corporate Culture.” Organizations that do not develop a security-oriented corporate culture are risking fraud, loss or misuse of data, and even legal responsibility when information is compromised, according to the white paper written by Eric Vanderburg of JURINNOV. […]

Continue Reading »

The Five W’s (and How) of Ransomware

August 12, 20160 Comments

Ransomware is quickly becoming the weapon of choice used by hackers against consumers and businesses alike.  Its impact can be especially devastating to businesses as an infection on one single machine can spread to other computers and shut down an entire network.  Ransomware may be lurking inside an email attachment or online advertisement, and the […]

Continue Reading »

The human brain vs. computers in the identity challenge

March 22, 20160 Comments

Eric Vanderburg The concept of identity is core to the protection of data.  Data and other computing resources exist to be used by individuals, each of whom has an identity that is used to grant of deny access to such resources.  However, identity is not limited to humans.  Computer services also have an identity that […]

Continue Reading »

Big Data ROI – How to use what you already have

January 6, 20160 Comments

Eric Vanderburg We may not be using more of our brains but we can probably use more of our data. Did you know that organizations typically use only 1 percent of the data they collect? Why is this and how can we change it? Do organizations need more motivation, utility, expertise, tools, or just better […]

Continue Reading »

Top security initiatives for 2016

December 22, 20150 Comments

Eric Vanderburg 2016 is going to be a big year for security. News of data breaches and the major technological innovations of 2015 will put more pressure on companies to implement effective organizational security. I believe 2016 will see major initiatives in these seven areas: Securing the supply chain, leveraging more data analytics for security, […]

Continue Reading »

4 ways to avoid holiday phishing on Black Friday

November 24, 20150 Comments

Eric Vanderburg Cybercriminals are raising the black flag this Black Friday and Cyber Monday. These are the biggest shopping days of the year and these criminals know that the sales ads and offers will soon start pouring in. Buried among those offers will be fake deals from these cyber criminals. Use these tips to stay […]

Continue Reading »

No compromise with the hybrid cloud

November 19, 20150 Comments

Eric Vanderburg This statement may be familiar to many who have considered cloud services and it was both the start and end to many cloud discussions. What is most important to you, cloud security and service customization or flexibility and cost? Those who picked security and service customization adopted a private cloud model and those […]

Continue Reading »

Cloudsizing: Finding the right fit for your cloud

November 10, 20150 Comments

Eric Vanderburg The maturation of the cloud is fascinating as it continues to adapt, providing more opportunities for companies and consumers to leverage the vast computing and storage power of computers around the world. Whether those resources are housed in a corporate data center or dedicated hosting facility as part of private cloud services or […]

Continue Reading »

Which Security Career is Right for You?

October 29, 20152 Comments

Eric Vanderburg Security is a growing field, and with its growth come many different career options. As you gain experience in different security areas, you may choose to further specialize or move into management in that area. Some security roles include analyst, network security engineer, auditor, computer forensics and penetration testing.

Continue Reading »

Preserving email integrity in eDiscovery

October 27, 20151 Comment

Eric Vanderburg I was recently asked the question, Can eDiscovery systems prove the integrity of the email that they discover? If so, how? Email differs from loose files in that emails are contained within a database such as Microsoft Exchange or IBM Lotus Notes.  Loose files are typically hashed using a mathematical algorithm that can […]

Continue Reading »

The missing leg – integrity in the CIA triad

October 20, 20150 Comments

Eric Vanderburg Information security is often described using the CIA Triad. The CIA stands for Confidentiality, Integrity, and Availability and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by […]

Continue Reading »

Security Career Networking Tips

October 15, 20150 Comments

Eric Vanderburg Do you know why all the major online retailers offer a way for users to review products? It’s because people want feedback from others when making a decision. Job searches are no different. A resume may say a lot about skills and experience, but it says little about a person and, in the […]

Continue Reading »

Regaining your anonymity online

September 22, 20150 Comments

Eric Vanderburg Anonymity has been a longstanding hallmark of the Internet but you should no longer assume that your online activities are anonymous. A vast amount of information is collected as you use the Internet. Search engines store the key words you search for and the pages you visit, browsers store web history, which may […]

Continue Reading »

Getting Over The Experience Hurdle

September 8, 20150 Comments

Eric Vanderburg New graduates are in a tough spot, especially those interested in cyber security. A majority of cyber security positions require one or more years of experience; and thus the difficulty, because experience is often earned on the job. Don’t let this hold you back from applying for one of these positions, because there […]

Continue Reading »

Protecting consumer data in the Internet of Things

August 31, 20150 Comments

Eric Vanderburg The Internet community grows larger every day as more and more devices attach to it. These devices increasingly include, not computing devices, but everyday things such as HVAC systems, lighting, pumps, and even animals. We are at the beginning of a new age where items in the physical world can be monitored, controlled, […]

Continue Reading »

What you need to know about Windows 10 Security and Privacy

August 14, 20150 Comments

Eric Vanderburg Microsoft officially launched its successor to Windows 8.1, Windows 10, on July 29, 2015 and millions have already downloaded this free upgrade or utilized Microsoft’s queued digital delivery system. Windows 10 offers users many new features including a new browser and integrated Cortana search which essentially means that your operating system is integrated […]

Continue Reading »

A breach is found. Now whom do I tell?

July 15, 20150 Comments

Eric Vanderburg and Bev Robb In 2014, the Identity Theft Resource Center (ITRC) tracked 783 data security breaches with 85,611,528 confirmed records exposed. This year appears even more dismal. The ITRC Data Breach Reports1 for July 7, 2015, captured 411 data incidents with 117,678,050 confirmed records at risk. Because data breaches are a common occurrence in today’s information security threat landscape, it’s going […]

Continue Reading »

Point/counterpoint: Breach response and information sharing

June 22, 20150 Comments

Eric Vanderburg and Bev Robb Some breaches require notification such as those involving patient data or customer information, but sharing is optional. Of course, notification is just one form of information sharing. For example, February’s executive order encourages private sector companies to share information on cybersecurity threats. There are advantages and disadvantages of sharing information with […]

Continue Reading »

Measuring Security Program Maturity

June 15, 20150 Comments

Eric Vanderburg As an organization becomes more conscious and engaged in protecting information, it progresses along a path of security maturity. I like to describe this path in five stages starting with ad hoc and ending with leading organizations (see the figure below). This model is helpful because it demonstrates how security is refined in […]

Continue Reading »