Digital healthcare is becoming increasingly important as healthcare providers strive to achieve the “Triple Aim” objectives of improved patient experience, improved population health and lower costs. Digital healthcare is an ecosystem, optimized to align with the needs of practitioners, staff and — most important — the patient population. It’s made up of interconnected, interoperable physical…

New Year’s resolutions provide an opportunity to focus on important things that may have slipped through the cracks the previous year. 

With all of the recent excitement about the “Shellshock” code execution vulnerability in the UNIX bash shell, and the somewhat older news about SSL vulnerabilities, I am reminded once again about the need for organizations to formally manage information security as part of an ongoing process.

Starting in Cisco’s Adaptive Security Appliance (ASA) software version 9.3.1, Cisco has added inline Security Group Tagging (SGT) support to the ASA-5500X and 5585X product lines. If you are not familiar with SGT aka TrustSec, it allows you to tag a packet with an identity field as it travels through the network. Why would anyone…

We are in the middle of security conference season. Therefore, it’s not entirely unexpected to see headlines from Black Hat and other conferences discussing “grave” security threats, and what they mean to our ability to protect our organizations and ourselves.

In a previous blog post, I mentioned that the measure of success with a cloud provider comes down to your ability to get the “real story” during the sales cycle.  While I touched on the physical security of the provider’s data center – what about the logical, remote and application data security in the cloud…

What makes advanced persistent threats (APTs) particularly dangerous? The name says it all. According to Symantec, “APTs are often highly sophisticated and more insidious than traditional attacks, relying on highly customized intrusion techniques.” While APTs differ from traditional threats, they leverage some of the same threat vectors.

Even before everyone was able to fully digest the impact of the massive Heartbleed virus, another large-scale vulnerability was announced. On April 26, Microsoft announced a major vulnerability in their Internet Explorer web browser affecting versions 6-11. This vulnerability could allow the remote execution of code due to the way IE accesses an object in…

One of the great things about being on the security assessment team is the ability to work with companies to truly improve their overall security posture. Sure, it’s interesting to talk about zero-days and exotic exploits against systems they don’t have, but in most cases, it doesn’t hold particular relevance.

On December 19th, Target confirmed that there was unauthorized access to payment card data of about 40 million credit and debit cards used in Target stores between November 27th and December 15th. On December 27th, the company confirmed reports that encrypted data containing debit card PIN numbers was also obtained but they maintain that this…