Enterprise Network Security Blog from ISDecisions

Detect and alert on Windows File changes

Detect and alert on Windows File changes

Industrial engineers figure out how to do things better. They engineer processes and systems that improve quality and productivity. They work to eliminate waste of time, money, materials, energy and other commodities. In such a highly competitive field, any sensitive data needs to be well protected from potential data breaches. Industrial engineers reacting quickly to … Continued

IT manager at a school or university? You’ve got your work cut out for you

IT manager at a school or university? You’ve got your work cut out for you

If you’re responsible for IT security at a school, college or university, I don’t envy you. You have a tough job. Not only do you need to keep out the usual external threats like viruses, trojan horses, hackers and the…

Why compromised logins are every CIO and CISO’s nightmare!

Why compromised logins are every CIO and CISO’s nightmare!

The real, $940 million risk of sharing credentials or having weak login information! Last week, a federal judge awarded Epic $940 million in damages, $240 million in compensatory damages and $700 million in punitive damages in the suit against Tata.…

Panama Papers Leak: Prevention is Always Better than Cure

Panama Papers Leak: Prevention is Always Better than Cure

For almost four decades, Panama’s Mossack Fonseca law firm has specialised in commercial law, trust service and investor advisory, and was known for its discretion to global elites. However, its recent leak of more than 11 million documents – the…

How to Detect Ransomware with FileAudit

How to Detect Ransomware with FileAudit

According to the FBI, ransomware – the strain of malware whereby files and folders are locked down by criminals and not released until a ransom is paid – is a growing concern. This, coupled with the new mass access alerts with…

Protection from Password Sharing

Protection from Password Sharing

Employees are arguably the greatest security risk to modern businesses. Though it is often assumed that IT viruses and hackers should be your biggest concern, the reality is that it is your own staff, whether maliciously or accidentally, that are the most likely cause of a breach. But how much do you really know about … Continued

Are you Identifying and Monitoring End-Users Network and File Access?

Are you Identifying and Monitoring End-Users Network and File Access?

Recent IS Decisions research among 1500 healthcare, finance, and legal sector workers in both the US and the UK highlighted the current status of how organizations are securing their networks and sensitive information within. The results shed light on how much more needs to be done to mitigate the risk of both security and compliance … Continued

Beta Testers wanted for UserLock 9.0

Beta Testers wanted for UserLock 9.0

IS Decisions is pleased to announce the UserLock 9.0 Beta Testing Program. This major upgrade comes with numerous new features and enhancements including: Verify and manage users Initial Access Point to better secure all subsequent network connections Block all logon…

Stopping Legitimate Login Credentials being used for Security Breaches

Stopping Legitimate Login Credentials being used for Security Breaches

Many data breaches involve the use of legitimate login credentials. Guarding against these ‘insider threats’ means better protecting all authenticated users access to the network, and the sensitive information within. The Threat from Human and Authenticated Users There is now widespread…

HIPAA Access Control

HIPAA Access Control

Access control is the first Technical Safeguard Standard of the HIPAA Security Rules. It is described in HIPAA compliance as the responsibility for all healthcare providers to allow access only to those users (or software programs) that have been granted access…

Five Ways to Never Trust, Always Verify, in Zero-Trust IT

Five Ways to Never Trust, Always Verify, in Zero-Trust IT

Is your IT like an M&M? Does your security have a hard, crunchy exterior and soft, chewy interior? The following is a guest post from Andy Doyle at PNL Tools, a leading UK based, professional services provider and IT reseller that work…

Concurrent Session Control in Healthcare for CMS compliance

Concurrent Session Control in Healthcare for CMS compliance

“UserLock is the only solution on the market that allows our organisation to fulfill the CMS compliance requirements for its government contracts. It is absolutely critical to our business in this respect, but brings with it numerous other benefits in usability and reporting functionality.” Technology Editor for Active Directory, Leading US Healthcare Insurance Provider   … Continued

A Failure to Enforce Unique Employee Logins for ISO 27001 Compliance

A Failure to Enforce Unique Employee Logins for ISO 27001 Compliance

The legal and law enforcement sector is risking compliance and security issues by failing to provide and enforce unique employee logins. Our latest report ‘Legal and Law Enforcement: Information Access Compliance‘ found that despite requirements by regulation global standard ISO 27001, 31% of employees in the US and UK legal and law enforcement sectors do not have a … Continued

How an Insider Threat Assessment Can Help You Uncover Gaps in Protection

How an Insider Threat Assessment Can Help You Uncover Gaps in Protection

The following is a guest post from Greg Cullison, Senior Executive of Security, Stability & Insider Threat Programs at Big Sky Associates The issue of ‘Insider Threat’ may be one that has recently crossed your desk. If so, you are…

Growing Access Management Responsibilites for 2016

Growing Access Management Responsibilites for 2016

Access management responsibilites are extending. There are more and more reasons people need access to information to do their jobs. And it’s not just employees. The ‘extended enterprise’ means your supply chain, your partners and even your customers need access, or temporary…

Why creating a culture of security awareness is crucial in tackling insider threat

Why creating a culture of security awareness is crucial in tackling insider threat

Last month was European Cyber Security Month (ECSM), and this year’s theme was ‘Cyber Security is a Shared Responsibility’, reflecting the notion that cyberspace cannot be secured without the help of all users. Meanwhile, Week 2’s topic ‘Creating a culture of…

File System Auditing

File System Auditing

Rated as “highly recommended” by WindowSecurity.com and given its Gold Award, FileAudit 5 greatly simplifies the critically important job of monitoring and auditing access to folders and files across Windows File Systems.  Access to Sensitive Files There’s hardly a day that goes by that we don’t…

Technical Safeguards HIPAA & IS Decisions

Technical Safeguards HIPAA & IS Decisions

HIPAA’s Security Rule divides its protections into three “safeguard” categories: technical, administrative and physical. This post outlines how both UserLock and FileAudit help meet different security requirements of the HIPAA technical safeguards and better protects patient data. What are Technical Safeguards The Technical Safeguards (as defined in § 164.304) are the technology and related policies and procedures that protect … Continued