
Equifax Breach Lessons Learned


After reading the Equifax breach report released by the U.S. House of Representatives Committee on Oversight and Government Reform, I thought this would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will serve as a wake-up call for other companies to better their own information security.

 

Security Representative on the Core team

It’s highly important to have someone who understands information security on your core team. Many times, the task gets pushed to the Legal or IT core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone who understands security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However,

SSL Cert Options

SSL Certificates

To start off, I am going to break this post into many parts.
This will be part 1.

So lately, I have been looking at different SSL Cert options that are out there for your applications and machines.

Let’s face it, unless you’re a small to large business you may not see a huge investment with SSL certs.

Personally, I think it’s a generally good practice that most people should adopt for everything.
I’ve seen some people complain that adding a layer of SSL decreases server performance.

In my opinion, most machines these days are fairly powerful.
Or, at least powerful enough to take on something like SSL, so I don’t see that as a very valid excuse at all.

The main reason people may not wish to make use of SSL is due to the costs, or the lack of knowledge on how to properly make use of one.

And my hope is to find a reliable SSL Cert CA that is also reasonably priced and affordable for the average blog poster.

I found an interesting website that actually did an analysis on this issue a while back.
