Welcome to BlogNotions' IT Security Blog

The BlogNotions IT Security Blog delivers a diverse series of perspectives provided by thought leaders in the security industry. Presented by NetLine, this forum delivers compelling updates on the latest technology and software, best practices for safeguarding data, recommendations for choosing various solutions, and much more. Here you can find helpful information, ask questions, and collaborate freely.

Why does Web App Security continue to stink?

Everyone and every company has a web site nowadays. Some are professionally done, some are made from DIY kits provided by the hosting provider and some are done from scratch by someone who claims to know what they are doing. It doesn’t seem to matter who built the site most all of them […]


You say false positive, I say tell me anyway

One of my favorite people on the intertubes is Shrdlu. I’ve enjoyed reading her enlightening and somewhat amusing posts for quite a while and have bantered back and forth with her on Twitter many a time. She was even the first interview that we Martin did on the SFS podcast back in January of last […]


How to Compare Server Online Backup and Recovery Service Providers

IT professionals are increasingly looking to online backup and recovery (or “cloud storage”) services when it comes to server data protection. These solutions are especially relevant for small to medium-sized businesses and for the remote offices of larger enterprises. But with all the choices today, how do you decide what is right for your company? […]


Advanced Persistent Threat (APT)

Introduction: APT, formerly known as the Advanced Persistent Threat, is the buzzword that computer security specialists and everyone else are using. Companies are concerned about it, the government is being compromised by it and computer security specialists are using it in every presentation they give. One of the main reasons organizations are broken into today […]


Hey! You! Get off of my cloud!

Push any app or service you want out to the cloud, but keep your security close and require your service providers to use one of the standards-based methods to authenticate your users against your Active Directory.


Getting results the wrong way

“Right results are not the measurement of success. How you arrive at the results is even more important. It is not all about results. Of course results are important, done the right way.” For quite some time lots of us in the community have been saying that the industry is broke and that we’re looking […]


The Importance of the Insider Threat to Security Experts

“I trust everyone, it is the devil inside that I do not trust,” is a great line from the movie The Italian Job. Every single person has the potential to do harm if the right circumstances occur. Yes, this includes employees. This presents a great deal of trouble to security experts. Why is it that […]


HIPAA Security Evaluation – HIPAA Risk Analysis – Explained

Compliance Assessment? Security Evaluation? Risk Assessment? Risk Analysis? Compliance Analysis? Huh? Lots of confusion continues to swirl around the difference between a HIPAA Security Evaluation versus HIPAA Security Risk Analysis. No wonder, the terms are often used interchangeably. Let’s end the confusion… Technically, one might argue when it comes to regulatory compliance of any type, […]


Taming the Beast: Preventing/Detecting Insider Threat

The insider threat is continually occurring, even if companies do not realize it. What makes the insider threat such a significant problem is that it cannot be prevented like an external attack. If someone is running a buffer overflow attack against your system, you can patch the system and prevent the attack from occurring. If […]
