Will Corporate Security Models Move Toward the EDU Security Model?
Posted on: 29 Jul 2016
No network is impenetrable, a reality that business executives and security professionals alike must accept. The traditional perimeter-focused approach to cybersecurity has often failed to prevent intrusions, especially in…
“The Internet of Cows”
Posted on: 04 May 2016
Glenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated,…
The 20 Critical Controls – A Practical Security Strategy – Part 2
Posted on: 11 Jun 2015
In my last article, I talked about using the 20 Critical Controls as a practical security strategy. I showed how the controls map to a wide variety of international and…
The 20 Critical Controls – A Practical Security Strategy – Part 1
Posted on: 20 Jan 2015
Back in the late 1990s, I was fortunate to be part of a team of cyber security experts who were asked to develop a list of the Top 10 Internet…
Application Security – Redux
Posted on: 07 Nov 2014
When you’re on a roll, ride it out. I’ve been on the “Redux” train for a couple of days. I usually do this when I review our security architecture initiatives…
Deja Vu All Over Again – DDoS Amplification Attacks
Posted on: 04 Nov 2014
Yep, it’s time to use this title again. This time we’re talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following: Christian…
Cloud Security: How I Learned to Love a Data Exfiltration Service
Posted on: 02 Oct 2014
Ok, I know the title sounds a little negative. I’m not against cloud services at all. We use cloud services here for a wide variety of business and personal purposes.…
Announcing the Marriage of the IT Security Office and the Network Management Group
Posted on: 24 Jul 2014
Ok, maybe it’s not a marriage but more along the lines of living together. In a previous article, I spoke about moving to a Continuous Monitoring security model, which focuses on…
When is it a Breach?
Posted on: 26 Jun 2014
One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach. A data breach starts a chain of events…
Heartbeat, Heartbleed or Heartache?
Posted on: 08 May 2014
You almost have to be on some deserted island with no Internet access to have not heard about the OpenSSL Heartbleed vulnerability. This vulnerability is very serious and pervasive because…