#cybersecurity | #hackerspace | 5 Tools to Make the Case for Security Budget

Source: National Cyber Security – Produced By Gregory Evans

Of all the headaches CISOs deal with daily (and we know there are many!), making a hard-fought case for an appropriate security budget is one they often have to contend with annually. While security and risk mitigation are certainly receiving more attention and priority these days, […]

#cybersecurity | #hackerspace | Security @ Serverless Speed – A Protego Use Case

Companies choose to transition to serverless computing for various reasons, mainly faster time-to-market and reduced infrastructure costs. However, the root cause of their serverless security needs differs based on a myriad of factors. In this use case we will highlight a team struggling with traditional […]

#cybersecurity | #hackerspace | Making a Case for Tokenization in the Enterprise

Tokenization can be used to protect any sensitive data within an organization, with little overhead

One of the most difficult tasks in information security is protecting sensitive data across complex, distributed enterprise systems as well as a mix of legacy systems and cloud-based applications, all blended in with critical business requirements. Added to the ever-present risk of data breaches are the various privacy laws and regulations, such as GDPR or the California Consumer Privacy Act.

When implemented properly, encryption is one of the most effective security controls available to enterprises, but it can be challenging to deploy and maintain across a complex enterprise landscape. Worse, sensitive data still can be taken advantage of should it be subject to a breach. Fortunately, there are other data protection options that enterprises can implement with far less disruption—namely, tokenization.

Increasingly, enterprises are turning to tokenization because it offers a stateless, data-centric approach with fewer security gaps and risks. With tokenization, security travels with the data while it’s at rest, in use and in motion. As a result, no additional security methods are needed to provide protection when the data leaves the enterprise.

Tokenization accomplishes this by replacing the original sensitive data with randomly generated substitute characters as placeholder data. These random characters, known as tokens, have no intrinsic value, but they allow authorized users to retrieve the sensitive data when needed. If tokenized data is lost or stolen, it is useless to cybercriminals. The tokenized data can also be stored in the same size and format as the original data. This is ideal for enterprise environments—especially those with legacy systems—since the tokenized data requires no changes in database schema or processes.

Broad Applications

The use of tokenization also minimizes data exposure. Applications generally will use tokens and only access real values when absolutely necessary. Although tokenization is most typically associated with credit cards, it is applicable to virtually every industry, for data types such as Social Security numbers, birth dates, passport numbers and account numbers. Through the use of network-level and REST APIs, tokenization can be integrated into a variety of different enterprise environments.

Tokenization is also a secret weapon for organizations with heavy compliance burdens. Financial institutions, for instance, are often responsible for securing millions of account holder credentials in data infrastructures that are subject to PCI DSS regulations. Tokenizing as much data as possible allows these organizations to ease their compliance burdens as tokens are not generally within the scope of audits.

With the advent of vaultless tokenization, the implementation of tokenization in the enterprise is now a relatively straightforward affair. Legacy methods of “vaulted” tokenization require maintaining databases with tokens and their corresponding real data. These token vaults represent a high-risk target for theft. Furthermore, large token vaults often present complex implementation problems, particularly in distributed, worldwide deployments. One could argue that the implementation challenges surrounding vaulted tokenization are a primary reason why enterprises continue to leave sensitive data vulnerable to cyberattackers.

No Vault Database to Maintain

In contrast, vaultless tokenization is safer and more efficient while offering the advantage of either on-premises or cloud deployment. In this model, a hardware security module (HSM) is used to cryptographically tokenize data. This data can then be detokenized, returning the appropriate portion of a record, for use by authorized parties or applications. In this model, there is no token vault or centralized token database to maintain.

The information security principle of least privilege dictates that organizations limit access to sensitive data to solely what an individual needs to do their job. Any additional access is an unnecessary exposure of sensitive data. Intelligence agencies have operated under this principle of “need to know access” for years. This reduces the risk of data breaches of both the accidental and intentional varieties.

Customizing detokenization output based on user or application role is one way to accomplish this. For example, loyalty applications may find a partially detokenized account number, perhaps just the last four digits of a credit card number, sufficient to do their job, while an e-commerce application would likely require a fully detokenized account number for repeat purchases. Other applications, such as business analytics, may be able to use the token itself as an identifier without any need to ever detokenize it.
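The following sketch is an added example, not code from the article or from any tokenization product. It shows vaultless, format-preserving tokenization with role-based detokenization output. The keyed Feistel construction is an illustrative stand-in for a vetted format-preserving mode such as NIST FF1, the in-process key stands in for an HSM, and the role names in `POLICY` are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key. In the vaultless model described above, the key lives
# inside an HSM and this routine would run there, not in application code.
DEMO_KEY = bytes(range(32))

# Hypothetical role policy mirroring the three applications in the text.
POLICY = {"ecommerce": "full", "loyalty": "last4", "analytics": "token"}

def _prf(key, rnd, half, width):
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, bytes([rnd, width]) + half.encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % 10 ** width

def _feistel(key, digits, decrypt=False):
    """10-round alternating Feistel over a decimal string (length-preserving)."""
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 6:
        raise ValueError("expected at least 6 decimal digits")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(10)) if decrypt else range(10)):
        m = u if i % 2 == 0 else v
        if decrypt:
            c = (int(b) - _prf(key, i, a, m)) % 10 ** m
            a, b = str(c).zfill(m), a
        else:
            c = (int(a) + _prf(key, i, b, m)) % 10 ** m
            a, b = b, str(c).zfill(m)
    return a + b

def tokenize(value, key=DEMO_KEY):
    """Return a token with the same length and character set as `value`."""
    return _feistel(key, value)

def detokenize(token, role, key=DEMO_KEY):
    """Release only as much of the original value as the caller's role needs."""
    mode = POLICY.get(role)
    if mode is None:
        raise PermissionError(f"role {role!r} may not detokenize")
    if mode == "token":            # analytics: the token itself is the identifier
        return token
    value = _feistel(key, token, decrypt=True)
    if mode == "last4":            # loyalty: partial detokenization
        return "*" * (len(value) - 4) + value[-4:]
    return value                   # ecommerce: full value
```

Because the mapping is deterministic under one key, equal inputs yield equal tokens, which is what lets the analytics role join on the token without ever detokenizing it.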

Historically, the protection of credit and debit card numbers, both for payment as well as non-payment processes, has been the main application for tokenization, but the largest opportunity going forward is the general protection of sensitive data. With the costs of recovering from a data breach spiraling out of control, the case for tokenization in the enterprise is an easy one to make.

17-year-old charged with voyeurism as police investigate social media hacking case

Vancouver police arrested a 17-year-old boy on voyeurism charges while investigating a case where someone hacked into a girl’s social media account and shared nude photos of her. The Vancouver Police School Resource Officer assigned to Union High School first began investigating the incident on Monday, September 18. A girl…

Russian cyber hacker pleads guilty in identity theft case

A Russian cybercriminal identified as a leader of a $50 million identity theft and credit card fraud ring has pleaded guilty in Atlanta to helping to steal millions of debit card numbers and swiftly loot accounts in cities around the world, federal authorities said. Roman Valeryevich Seleznev pleaded guilty Thursday…

Air Force veteran in leak case wants FBI admission suppressed

A young woman charged with leaking classified U.S. documents has asked a federal judge to rule that comments she made to FBI agents before her arrest can’t be used as evidence. Reality Winner, a former Air Force linguist who held a top-secret security clearance, worked as a government contractor in…

Ukrainian hacker became first witness in FBI’s ‘Russian case’ of hacking servers of US Democratic Party

The Ukrainian hacker confessed and became a witness for the US Federal Bureau of Investigation in the case of the hacking of US Democratic Party servers during the campaign, which turned into a series of scandals for Hillary Clinton and ended in victory for Republican Donald Trump. Russia is accused of organizing crack…

Teen Texting Suicide Case Ends with Jail Sentence

Last week, Michelle Carter was sentenced to 15 months in jail after being found guilty of involuntary manslaughter in the death of her 18-year-old boyfriend Conrad Roy. Carter, who was 17 at the time of Roy’s…

Logan teen jailed in sexting case involving minor

An 18-year-old Logan man has spent the summer in the Cache County Jail and has a six-month prison stay hanging over his head after sexting with his 16-year-old girlfriend. “There is no honor in what…

FBI AGENTS SEIZE SMASHED HARD DRIVES IN MUSLIM IT HACKING CASE

It wasn’t that long ago that Debbie Wasserman Schultz was trying to browbeat the Capitol Police over a laptop in the Muslim IT hacking case. Rep. Debbie Wasserman Schultz threatened the chief of the U.S. Capitol Police with “consequences” for holding equipment that she says belongs to her in order…
