CISO Insights

Back to Vendor Listings

Not Like the Others

(This is the sixth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. The fourth installment can be read here. The fifth installment can be read here. These principles, often represented in regulations and privacy…

IPv6 – It’s Time

VA Tech is one of the few institutions in the US that runs a full production, dual stack IPv4/IPv6 network. We’ve been running this dual stack network since 2005. All of Google, Facebook traffic goes out through IPv6 first. We haven’t experienced any major malfunctions in our IPv6 network since we went live with it.…

Restricting Users With Admin Privileges Solves the Wrong Problem

CONTROL: Minimize the number of users with domain or local administrative privileges. Such users should use a separate unprivileged account for email and web browsing. This control is misunderstood and doesn’t solve the sensitive data protection problem. The real issue today is not “a machine has been compromised”. It’s “data on a machine has been exfiltrated…

Consent: The Part of ‘Yes’ that We Don’t Necessarily Understand

(This is the fourth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. These principles, often represented in regulations and privacy practices, form the foundation for how an organization should treat the…