security | ProptechNerd - Matt Cohen

Security Auditing compared with Penetration Testing

Recently, while we were discussing a contract, an industry executive needed me to give an explanation of the difference between a “security audit” and a “penetration test.” The party with whom the executive was negotiating the contract had changed the contractual requirement from the one to the other. Since this might be of interest

Preventing Screen Scraping: Policy, Contracts and Technology Evaluation

5JulyMatt CohenProfessionalsecurity

When organizations create policy requiring screen-scraping and other automated attack prevention and monitoring, it’s important for those organizations to be speciﬁc enough to ensure that compliance with policy can be measured in some way. Indeed, it is equally important for the organization to ensure that their technology contracts contain clear and explicit terms that

Reducing the Risk of Real Estate Wire Fraud

1SeptemberMatt CohenProfessionalbrokerage, security

The Groundbreaking Definitive Paper on the Subject Ongoing bad publicity related to real estate transaction wire fraud threatens to damage the reputation of the real estate industry. Previous issue descriptions have been incomplete and have also not provided thorough guidance for those brokerages, title companies, attorneys, and others that engage internally in the wiring

NAR’s D.A.N.G.E.R. Report – Focusing on the Security Risk

7JulyMatt CohenProfessionalsecurity

Understanding the Risk and How to Address It In the D.A.N.G.E.R. Report, compiled for NAR by Stefan Swanepoel, a “security breach” is listed as a “high risk” for MLSs, though it is quite clear that the risk is to the industry more generally. According to Stefan, “Cyber criminals could attack the industry, breach the

Security Assessment: Demystifying the Process

27AprilMatt CohenProfessionalsecurity

Don’t Be Afraid of the ‘Audit’ Information security laws are still a patchwork nationwide, but an increasing number of industry organizations are ﬁnding that they need our assistance to comply with laws and other applicable requirements. The purpose of this post is to help demystify the process. Many industry organizations are just realizing all