security risks

#InformationSecurity News - 9/19/14

  • Via Threat Post - White House: Internet Not Borderless, But Lacking Interior - read commentary on the ongoing cybersecurity conundrum plaguing the US government.
  • California's state legislature unanimously passed the nation's toughest bill yet to protect the personal data of kindergarten through 12th grade (K-12) students. Learn more at Naked Security.
  • KrebsOnSecurity investigates a LinkedIn feature that exposes users' email addresses - read more to find out if you're at risk.
  • News analysis from CSO Online says today's security hacks are after more than bank information. 
  • JPMorgan Chase Confirms Cyber-Attack - says Bank's 'Technology Environment Compromised' - read more at Bank Info Security.

And coming up October 9 at The Bank Summit 2014 - Peter Bamber, CISA, CRISC, CISSP, Vice President, Information Security Consulting Services, for Security Management Partners is scheduled to present "Cybersecurity Preparedness and the FFIEC Cybersecurity Initiative" at 10:15 a.m. EDT. Learn more here:


Security Management Partners Introduce Enhanced Firewall Analysis Service

Jun. 17, 2014 - WALTHAM, Mass. -- Security Management Partners, a leading full-service information security and IT assurance consulting firm, announced details of its new Enhanced Firewall Analysis service to provide customers with increased visibility into firewall operations to meet the increasing complexity and changing security needs.

Specializing in assessments and regulatory compliance consulting to the corporate, healthcare, biopharma, and financial industries, Security Management Partners (SMP) provides a wide range of information security and assurance services including incident response and forensics, information security program development and management, internal and external security testing and assessments, regulatory compliance audits and security training. The new Enhanced Firewall Analysis service is a complement to SMP’s extensive Firewall Assessment with Rule Base and Change Form Review offering.

Through the Enhanced Firewall Analysis, SMP generates a map of network configurations including firewalls, routers, subnets and zones, in order to provide additional visibility into existing security policies. This thorough review also works to determine the usefulness of the network, enabling SMP to identify potential threats and vulnerabilities and provide actionable recommendations. By completing this analysis, SMP is able to optimize firewall operations and ensure that all network devices are properly configured to mitigate these risks and improve security settings. In addition, SMP customers can define baselines for device configurations, monitor changes to network security policy, create and review compliance reports and maintain a complete audit trail moving forward.

Peter Bamber, CISA, CRISC, CISSP, vice president of IT Security Services for SMP, commented, “Our Enhanced Firewall Analysis service enables the experts at Security Management Partners to develop a comprehensive roadmap of existing security policies and procedures to help organizations better understand and manage their complex firewall systems. With the introduction of this offering, companies of all sizes across all industries can glean deeper insights into the safety, security and viability of their Next Generation Firewalls.”

About Security Management Partners

Security Management Partners (SMP) is a leading, independent information security and assurance firm, specializing in assessments and regulatory compliance consulting to the corporate, healthcare, biopharma, and financial industries. SMP is known as a trusted advisor that helps identify threats and vulnerabilities, quantify risk and provide risk mitigation strategies for information assets. SMP helps to eliminate internal and external information security risks while ensuring that companies can adhere to today's evolving compliance regulations. For more information, please visit:

Access the original release here:

News: Experts Find a Door Ajar in an Internet Security Method Thought Safe

A flaw has been discovered in one of the Internet’s key security methods, potentially forcing a wide swath of websites to make changes to protect the security of consumers.

The problem was first discovered by a team of Finnish security experts and researchers at Google last week and disclosed on Monday. By Tuesday afternoon, a number of large websites, including Yahoo, Facebook, Google and Amazon Web Services, said they were fixing the problem or had already fixed it.

Researchers were still looking at the impact on consumers but warned it could be significant. Users’ most sensitive information — passwords, stored files, bank details, even Social Security numbers — could be vulnerable because of the flaw.

The most immediate advice from security experts to consumers was to wait or at least be cautious before changing passwords. Changing a password on a site that hasn’t been fixed could simply hand the new password over to hackers. Experts recommended that, before making any changes, users check a site for an announcement that it has dealt with the issue. “This is a good reminder that there are many risks online and it’s important to keep a watchful eye around what you’re doing, just as you would in the physical world,” said Zulfikar Ramzan, the chief technology officer of Elastica, a security company.

The extent of the vulnerability was unclear. Up to two-thirds of websites rely on the affected technology, called OpenSSL. But some organizations appeared to have had advance notice of the issue and had already fixed the problem by Tuesday afternoon. Many others were still working on restoring security.

Read the full article at The New York Times

The Risks of Big Data for Companies

Big data. It's the latest IT buzzword, and it isn't hard to see why. The ability to parse more information, faster and deeper, is allowing companies, governments, researchers and others to understand the world in a way they could only dream about before.

All that is true. And yet…

It's also true that in our rush to embrace the possibilities of big data, we may be overlooking the challenges that big data poses—including the way companies interpret the information, manage the politics of data and find the necessary talent to make sense of the flood of new information.

Big data, in other words, introduces high stakes to the data-analytics game. There's a greater potential for privacy invasion, greater financial exposure in fast-moving markets, greater potential for mistaking noise for true insight, and a greater risk of spending lots of money and time chasing poorly defined problems or opportunities.

Read the rest of this article via The Wall Street Journal

Event Reminder - Monday 10/7 at The Bank Summit

What: The Bank Summit

When: Monday, October 7, 2013

Where: Sheraton Framingham Hotel & Conference Center - 1657 Worcester Road, Framingham, Massachusetts 01701

What: Will exhibit in booth #45 and present the session "Convenience at What Cost? Security Risks and Mobile Banking" from 1:45-2:30 pm.