Security Insider - Podcast Edition

Recently colleges and universities have become a target for data thieves and are suffering an increased number of data breaches. This podcast discusses why these organizations are experiencing a higher level of attacks, as well as what they can do to protect themselves. Additionally, learn four things to increase your data security that you can get started with today.

Do you use Microsoft SharePoint in your organization to share documents that contain sensitive information? Did you know that these documents probably fall under compliance laws and regulations? Join Patrick Townsend as he discusses why businesses need to secure their SharePoint servers, how easy it can be, and where he sees users falling down with their data protection strategy.

While creating encrypted backup tapes is an excellent practice, for many organizations it is often the only time their data gets encrypted. Patrick Townsend discusses some misconceptions he is seeing around encryption and tape backups, what organizations should be doing to secure their sensitive data before it gets backed up to tape, and what compliance regulations say on when data needs to be encrypted.

LinkedIn recently experienced a data breach that exposed over 6.5 million hashed passwords. While few details have been offered about the attack itself, LinkedIn could have avoided this breach if they had proper security processes in place.

Collecting and monitoring system logs has become a hot topic for organizations that need to meet compliance regulations. Logging on the IBM i (AS/400) is different than other platforms and something an organization should not take the “do it yourself” approach.

The frequency of data breaches in healthcare have increased 32% in the past year and cost an estimated $6.5 billion annually. Fortunately, if you are protecting your Personal Health Information (PHI) with proper encryption and key management, you are exempt from a breach notification. Learn how ow a company can achieve Safe Harbor status in the event of a breach, as well as best practices for encryption, key management, and secure system logging.

IBM recently announced the end of support date for V5R4. This will prompt many IBM i shops to upgrade to a newer release - either V6R1 or V7R1. This podcast will discuss the security reasons that you should go straight to V7R1. Additionally, we will discuss how Townsend Security can help you take advantage of FIELDPROC, a new addition to V7R1 that allows companies to encrypt their sensitive data without changing their applications.

Learn what secure managed file transfer is, how it can help you meet compliance regulations, and what to look for in a secure managed file transfer solution. Additionally, we will discuss how Townsend Security can help make your managed file transfers secure with PGP encryption.

Like other IT projects, the implementation of up-to-date logging requires careful planning. For example: systems need to be monitored and the parameters related to security and archiving need to be defined. This podcast discusses what system logging is, how logging can help you meet compliance requirements, and what to look for in a logging solution. Additionally, learn how Townsend Security can help you transmit the logs from your IBM to any SIEM console.

FIELDPROC has made encryption on the IBM i much easier. It is now possible to encrypt your databases with NO APPLICATION CHANGES! The question is, what are the performance impacts? Patrick Townsend explains why the speed of your encryption is important, what to look for when deciding on a solution, and simple tests that listeners can do to help decide which FIELDPROC encryption solution is right for them.

Today's topic is HPAA and the HITECH Act, and what they say about encryption and key management. Additionally, learn how to avoid breach notifications and what Townsend Security can do to help your organization meet these compliance requirements.

Learn about SQL Server 2008 EKM and what Microsoft customers should be thinking about when they consider using SQL Server EKM for encryption. Also, learn what role a Hardware Security Module or HSM plays and what to look for when selecting an encryption key management HSM.

Organizations need to comply with a growing number of data privacy regulations. Patrick discusses the various regulations - such as PCI, HIPAA/HITECH, and state privacy laws - as well as how to meet the regulations and what it is like to have an audit.

Transparent encryption is new to IBM i 7.1. Learn about the new FieldProc capabilities and the benefits of transparent encryption, as well as what FieldProc is and isn’t. Additionally, Patrick discusses the new security risks associated with the new FieldProc APIs and what Townsend Security is doing to help the people who have moved, or are thinking about moving to the latest IBM OS release.

Compliance regulations require proper key management. Learn why encryption key management is a concern for Microsoft Windows users, some of the technical challenges in using good key management, and how Townsend Security can help Microsoft partners.

Learn what constitutes personally identifiable information (PII) and how to protect it with strong AES encryption and key management. Additionally, learn about compliance regulations and how your organization can begin to develop a security policy.

New PCI Data Security Standards have been announced. Patrick Townsend of Townsend Security, a PCI SSC participating organization, speaks on best practices for meeting PCI compliance regulations and provides insight and commentary on the changes in compliance and enforcement.

The new PCI Data Security Standards (PCI DSS v2.0) are here and we’ve gotten a lot of questions about the changes related to encryption key management. Because we work with a lot of companies going through PCI compliance audits and reviews, the new standards just confirm the trends we’ve seen over the last few months on how QSA auditors and security professionals view encryption key management, and what they see as the minimum requirements for managing keys. In this podcast, Patrick Townsend speaks on current best practices, as well as what PCI has to say about integrated key management (why it isn't a good thing), dual control, separation of duties, and split knowledge.

Tokenization, Encryption, and Key Management are discussed and why each technology is a necessary component for a comprehensive data protection plan. Additionally, Patrick discusses why NIST certification is important, as well as what VISA has to say regarding best practices with these technologies.

HIPAA and HITECH are mandating encryption of sensitive medical and personal information. But all encryption is not created equal. Find out what NIST certification is, and how it gives you safe harbor status even if you experience a major data loss.