Tag: security
'On my first day I was confused for a security guard'
2020-10-14 01:12:50| BBC News | Business | UK Edition
As racism persists, firms face growing calls to make their senior leadership teams more diverse.
What is data security?
2020-10-02 18:09:01| The Webmail Blog
nellmarie.colman Fri, 10/02/2020 - 11:09

Data security refers to your policies and standards for protecting your data across your network, infrastructure and applications and at multiple layers. Data security methods span on-premises and cloud environments and include encryption, masking, tokenization, erasure, authentication, access control, backups and recovery and data resilience. Data security also involves compliance-related demands driven by government regulations or industry standards like PCI or HIPAA.

The importance of data security

According to a recent Verizon report, one in eight breaches are financially motivated, and all breaches create financial turbulence for the victims. A data breach can cause just as much disruption as being found in non-compliance. Without a solid data security strategy, you could be at risk for public relations fallout, non-compliance penalties and productivity losses. Some common consequences of a data breach include:

Public relations fallout

Online consumer expectations are on the rise. So when potential customers or investors hear that your organization has been breached, it makes you appear careless and unreliable, even if you did everything that you were supposed to do. This perception could result in losing market share and may even impact your stock price. The effort and cost to clean up the initial breach, manage the media, communicate with customers and rebuild your brand diverts resources from your core mission.

Non-compliance penalties

Not following regulatory and legal requirements around retention, permissions and storage can lead to big fines for non-compliance. Primarily, those fines are penalties from the regulatory board. In addition to that, there may also be associated fees such as direct payments to breach victims, supplying remediation services (credit monitoring or identity protection) or lawsuits for damages.

Productivity losses

After a data breach, IT teams must drop whatever they're doing to respond and resolve the threat. If data loss occurs, there's time spent on restoring backups. A security breach will likely impact the ability of some employees to access and use data needed to complete their jobs. In a recent CISO study conducted by Cisco, 48% of companies with over 10,000 employees experienced at least four hours of downtime related to a data breach, and a third experienced up to 16 hours of downtime.

Types of data security technology

Protecting data in the cloud or on-premises will involve using one or more of the following technologies:

Data encryption
Data masking
Tokenization
Data erasure
Authentication
Access control
Backups and recovery
Data resilience

Data encryption

Data encryption prevents unauthorized users from accessing data. This technique requires some type of authorization or key to decrypt and view or edit data. Encryption primarily applies at the network and infrastructure level; however, physical assets, flash drives or hard disks can also employ this data security method. Encryption can be applied within applications as well. For example:

Original data: John Smith
Encrypted: 393938383838
Decrypted: John Smith
Locked status: Locked; can unlock
Access: End users can access the entire set of data

Data masking

When data is masked, all or parts of the data are replaced. This is often seen when credit card or social security numbers are displayed. The data is there, but it's not accessible. This technique is used for situations where the data is saved into the system, but due to compliance issues, like PCI or HIPAA, users can't view the actual data. Masking is non-reversible. Once masked, the data loses its value and is not available for use in any other functions. For example:

Original data: John Smith
Masked: 393938383838
Unmasked: n/a
Locked status: Locked; can't unlock
Access: End users cannot access the data and the data can't be used for analysis

Tokenization

Though it's important to leverage the value of all data, certain data elements like Personally Identifiable Information (PII), medical details and financial information need to be handled with particular care. Tokenization allows organizations to hide sensitive information but retain its meaning. Unlike encryption, where the data can be unlocked, or masking, where the data loses its value, tokenization cannot be unlocked but its characteristics are still valuable. You may not know each customer's name and address, but you can pull data to determine, for example, when customers in a particular region spend more on a particular item.

Original data: John Smith
Tokenized: 838383838
Unerased: n/a
Locked status: Locked; can't unlock
Access: End users can access the data insights but not the actual data set

Data erasure

Due to the rise in privacy protection regulations, like GDPR and CCPA, businesses need to not only protect the data they ingest, but allow for a process to delete that data as well. Messy data hygiene and careless data governance adherence may make it impossible for some organizations to fully comply with data erasure requests because they don't have a good handle on all of the places data points could be housed. When done correctly, data erasure works like this:

Original data: John Smith
Erased: [no data]
Unerased: n/a
Access: Data is non-existent. End users never knew the data existed.

Authentication

Authentication is the process by which users identify who they are and can access information. For some systems, it's a password; for other systems, it might be a biometric indicator like fingerprints or face scans. Authentication unlocks locked data for use by authorized parties. This is applied at the network, application or file level.

Access control

By establishing user groups and role-based access methods, organizations can control which users see what data. This ensures that employees who need to see sensitive data are properly authorized to do so. Access control is written into most data compliance standards to prevent, for example, a receptionist in a doctor's office from seeing a patient's full medical record as opposed to just the insurance information needed to register and schedule patients.

Backups and recovery

Backups and recovery refer to the way you store data and plan to restore it in case of an incident. Much like consumer-level services that cover you if you accidentally delete a file or lose your phone, backup at the enterprise level means spreading data out into multiple secure locations to provide redundancy. If one location fails, the other location kicks in with an exact snapshot
Security Engineer (m/f/d) Common Criteria and Approval
2020-10-02 11:09:38| Space-careers.com Jobs RSS
OHB System AG is one of the Top 3 European space companies and a member of the listed technology group OHB SE. About 2,800 employees work on some of the most important aviation and space programs of our times in Germany and other EU countries. These include low-orbiting and geostationary satellites for earth observation, navigation, telecommunications, science and space exploration. OHB System AG designs satellites and systems for human space flight, aerial reconnaissance and process control systems at its two strong locations in Bremen and Oberpfaffenhofen. We owe our success to our employees and their passion for innovation, their commitment and their initiative.

The Cryptography Systems department at OHB System AG in Bremen is looking for a Security Engineer (m/f/d) Common Criteria and Approval

Your Tasks

Guiding the implementation from the perspective of crypto approval needs with the goal of risk minimization during equipment development
Preparation of security analyses on equipment and subsystem level
Preparation of crypto concepts
Management of crypto approval process
TEMPEST design, analyses and test organization
Organization of the certification according to the Common Criteria standard
Evaluation of supporting software to support the certification work
Preparation of documents according to the Common Criteria standard such as security target, threat analyses, development documentation, guidance documentation, definition of formal admission tests
Establishment and maintenance of a close collaboration with evaluation labs and the national institutes for data security i.e. BSI
Support of proposals and technical studies
Temporarily or permanently other reasonable and equivalent activities according to existing knowledge and skills

Your Qualifications

Doctoral or engineering degree in information technology, mathematics or physics
Sound experience in the area of IT security, approval of crypto equipment or certification according to the Common Criteria standard
Experience in the area of IT security
Good knowledge in formal definition of secure systems as well as definition of formal security targets according to Common Criteria framework
Good knowledge in the preparation of Common Criteria documents
Good knowledge in support of approval processes for crypto equipment
Competent Common Criteria evaluator
Good communication skills
GCHQ reports serious and systematic defects in Huawei software and security
2020-10-01 02:00:00| Total Telecom industry news
An oversight report published today by HCSEC has been critical of Huawei’s approach to network equipment technology, finding numerous flaws during its investigations, including one vulnerability deemed “nationally significant” last year. The report makes it explicitly clear that the security bodies do not believe the “defects identified are as a result of Chinese state interference” or have been exploited…
New German security law may tighten the screws on Huawei
2020-09-30 02:00:00| Total Telecom industry news
Reports suggest that the German government has reached a decision on Huawei and so-called high-risk vendors when it comes to 5G: the vendors will not be banned outright, but scrutiny will be increased to include the RAN alongside the core. While not making it completely unfeasible to work with Huawei, a new, strict IT security law will make the prospect far less appealing for operators…