Tag Archives: data security

Recently, I was talking to a system administrator who said “We’re moving to the cloud. They’ll be responsible for security.” I was a bit startled to hear this. Not because of the first sentence; because of the second.

Posted in Cloud Security, Info Security Mgmt | Tagged , , , , , | Leave a comment

Back in the ‘80s, President Reagan said of a missile treaty with the Soviet Union, “Trust, but Verify.” That phrase is very apt for information security too; especially as it relates to securing data on your internal systems.

Posted in IBM i Security, Info Security Mgmt, User Authority | Tagged , , , , | Leave a comment

I thought it would be interesting for my first Security Bytes post of 2107 to pull together the most popular posts from 2016 based on number of readers. As an added attraction, I’ve also included the most popular post in … Continue reading

Posted in IBM i Security, Single Sign-On (SSO) | Tagged , , , , | Leave a comment

Or… Why Your Mid-Sized Business is Suddenly Facing BIG Security Risks An interesting thing is happening in IT security.

Posted in Info Security Mgmt, Security Breach | Tagged , , , , , | Leave a comment

The other day I was thinking about how I miss David Lettermen’s “Stupid Human” and “Stupid Pet Tricks” segments. Then I got to thinking about some of the bad security habits I continue to run into at IT shops. It … Continue reading

Posted in Information Security, Password Management, User Authority | Tagged , , , | Leave a comment

OR… How to Recognize the Threat in the Seedling You regularly read news of security breaches, right? So why are all these businesses – large and small – getting hacked, cracked, and/or extorted by ransomware?

Posted in IBM i Security, Info Security Mgmt, Security Breach | Tagged , , , | Leave a comment

At the end of April, the Payment Card Industry (PCI) Security Standards Council released version 3.2 of the PCI Data Security Standard (DSS).  A couple changes are noteworthy, even though most were incremental or for clarification purposes.

Posted in Compliance, Two Factor Authentication | Tagged , , , , | Leave a comment

You may have heard that IBM included an interesting new security-related enhancement in the V7.3 release. Called authority collection, it provides information intended to help security administrators minimize the amount of authority to objects granted to users on a system.

Posted in Announcement, IBM i Security, User Authority | Tagged , , , , , , | Leave a comment

“Security by obscurity” means relying on lack of knowledge of how a thing is protected as the sole means of preventing unauthorized access to that thing. There’s been a debate going on over at the Midrange-L discussion forum about the efficacy of this … Continue reading

Posted in Encryption, IBM i Security | Tagged , , , , | Leave a comment

Verizon’s “Data breach digest. Scenarios from the field.” document includes a description of a successful attack on a water utility running on an “AS/400” (a.k.a. IBM i.)  It describes how a suspected Syrian “hacktivist” group broke into an IBM i … Continue reading

Posted in IBM i Security, Info Security Mgmt | Tagged , , , , | Leave a comment