The Information Systems Audit and Control Association (ISACA) Survey

The Information Systems Audit and Control Association (ISACA), an international provider of industry information and certifications recently published 2012 Governance of Enterprise IT (GEIT) Survey:

* 5% said external hacking is the most likely threat facing their network security

* 11% said cloud computing represents the most likely threat facing their network security

* 13% said BYOD represented the most likely threat facing their network security

* 16% stated accidental exposures by employees (i.e. parking data on insecure storage sites)

* 21% have faced mobile device security issues

* 22% of enterprises have experienced a security breach

* 25% said management’s level of involvement in governance is low

* 47% of enterprises have incurred an unexpected cost due to an IT-related problem or incident in the last year

* 49% of enterprises will be increasing investments in IT

* 52% say they don’t have enough IT staff

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

PortalGuard Word Clouds

We had some fun with authentication keywords and came up with some Word Clouds, we hope you enjoy:

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

MySQL Database Flaw Leaves Passwords Vulnerable

MySQL and MariaDB, two of the most popular and used database platforms, are vulnerable to an attack that can reveal admin-level passwords. There is a flaw relating to how the databases verify password hashes. If an attacker knows a username, bypassing the password-checking mechanism is easy. There are 01.74 million MySQL servers. 50% of them (869,000 databases) are vulnerable to the exploit. The following implementations are vulnerable to the exploit: Ubuntu Linux 64-bit (versions 10.04, 10.10, 11.04, 11.10, 12.04), OpenSuSE 12.1 64-bit MySQL 5.5.23-log, Debian Unstable 64-bit 5.5.23-2, Fedora, and Arch Linux (versions not known). All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.

D.1.2. Changes in MySQL 5.1.63 (07 May 2012)

D.1.3. Changes in MySQL 5.5.24 (07 May 2012)

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

Too Trusting or Clueless? You Decide…

Authentication is becoming a part of our lives. The picture below was taken outside Starbucks in Boston on a busy Thursday morning last week. We waited about 5 minutes and no one showed up. This person could have potentially had extremely valuable data on their computer. Would the person respond differently if they read about Operation Honey Stick?

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

A Question for our Readers

When trying take a predictive approach to authentication security, what is the balance between being notified of a legitimate security attacks, anomalies, or malicious behavior and dealing with the volume of false positives?

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

Meet the President and Founder, Tom Hoey

Hobbies include anything with an engine: old cars, snowmobiles, motorcycles and tractors.

I love hanging out on my dock by the lake enjoying family and friends.

My favorite smell is morning breakfast cooking on the stove… yum!

I get excited about authentication, because it’s such an integral part of our everyday lives and is a much needed area for new innovations.

#1 Advice I would give to others about IT security would be? What you don’t know, can hurt you.

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

Hartford Small Business Data Protection Survey

The Hartford Small Business Data Protection Survey found out the following about business owners:

* 48% lock and secure sensitive customer, patient or employee data, use password protection, data encryption and firewalls to control access and lock-out hackers

* 44% have a privacy policy

* 47% update systems and software on a regular basis, acknowledge it would be impossible for a small business to completely safeguard customer, patient or employee data.

* 61% believe a data breach violates trust and would jeopardize their relationships with customers, patients and employees

* 34% would have difficulty complying with government notification requirements

* 41% ensure that remote access to their company’s network is secure

* 53% shred and securely dispose of customer, patient or employee data

* 79% restrict employee access to sensitive data

* 38% have a more negative opinion of companies that have recently experienced a breach, based on the companies’ handling of the breach.

The Hartford Data Breach resource

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

http://pinterest.com/pistolstar/portalguard/

EHR Implementation: Tips from Verizon

Verizon recently published key ways to simplify the navigation process for health care professionals moving to EHR system:

1. Put the Patient First.

2. Maintain Security of Patient Information.

3. Be Mindful of Compliance with the Health Insurance Portability and Accountability Act.

4. Evaluate Workflow Integration.

5. Communicate and Educate.

6. Influence the Influencers.

7. Embrace the Consumerization of IT.

8. Act with Urgency.

9. Think Long Term.

10. Learn about EHR Incentives.

11. Seek Certifications.

Verizon Blog

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://pinterest.com/pistolstar/portalguard/

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

PortalGuard’s New Patent

In complex computing environments, passwords are often the source of frustration, wasted time and unnecessary expense. Users regularly access about eight to ten different systems. Users are often so afraid they will not be able to get back in or utilize a service in the future, they leave the figurative key in the door, with weak passwords like “password” or sticky notes posted all over their cubicles. With the increase in remote access and demand for greater resource access by members, security issues are becoming a greater concern and bigger challenge. Dictionary attacks, hacking and other vulnerabilities caused by poor password quality are putting sensitive information and/or resources at risk.

PortalGuard is very excited to announce our new patent (8,196,193) formalized on June 5, 2012 for method for retrofitting password enabled computer software with a redirection user authentication method.

An authentication integration method may be used to integrate and control authentication and passwords among various applications and platforms of a service. The authentication integration method may extend a service’s existing authentication framework to utilize a single sign-on authentication platform in a secure fashion. The authentication integration may be carried out pre-validation and/or pre-issuance of keys by certifying authority or trusted third party of a public key infrastructure (PKI).

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169

Healthcare Data Breaches in 2012

Here are 4 out of the 10 as published by HealthCare IT News

Organization: Utah Department of Health

Date: March 30

People affected: 780,000 Medicaid patients and recipients of the Children’s Health Insurance Plan; Social Security numbers stolen from 280,000 individuals and less-sensitive personal data stolen from 500,000 others

How: A hacker from Eastern Europe accessed the Utah Department of Technology Service’s server. There was a weak password in place.

Organization: Emory Healthcare (Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center)

Date: April 18

Location: Atlanta

People affected: 315,000 surgical patients treated between 1990 and 2007 (228,000 included Social Security numbers, with other sensitive information at risk including names, dates of surgery, diagnoses, and procedure codes).

How: The organization misplaced 10 backup disks with information

Organization: Department of Health

Location: South Carolina

Date: April 19

People affected: More than 228,000 people and sent it to a private email account. 22,600 people had their Medicaid ID numbers taken, which were linked to their Social Security numbers. Others had names, addresses, phone numbers, and birth dates stolen as a result of the act.

How: The former employee, Christopher Lykes Jr., was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information.

Organization: Howard University Hospital

Location: Washington D.C.

Date: end of March

People affected: 34,503 patients of a potential disclosure of their PHI that supposedly occurred in late January.

How: A laptop (with Social Security numbers), which was password protected, was stolen from a contractor’s vehicle. No evidence suggested any patient files were accessed.

Steps taken: The hospital requires all laptops issued to Howard University Health Sciences employees to be encrypted.

###

The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, self-service password reset, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.

http://www.PortalGuard.com

Subscribe to our newsletter: http://portalguard.com/contact_us.php

https://twitter.com/portalguard

http://www.facebook.com/pistolstar.authentication

http://www.facebook.com/pages/PortalGuard/240761992635169