By now most of us have heard of the phrase kill chain. For those of you that haven’t heard of it, the kill chain is a phase-based model used to describe the stages of a data breach attack. The goal is to break the attack chain by using the appropriate level of key controls for…
DetailsLife on a college campus changes in the Fall. In a way, just like the seasons, life in higher ed is very cyclical, and the beginning of the semester is one of excitement. It also ends a busy season for the IT group, which is commonly known to all others as “summer break.” Much of…
DetailsOver the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known, successful companies such as Target and Home Depot make national news. In more recent years, healthcare organizations are increasingly becoming the target of cyber-attacks. The…
DetailsA few weeks ago, my son and his family came to visit us from Japan (he is a Captain in the Marine Corps and stationed there). We took a day to go down to the shore and walk along the boardwalk. My son mentioned that he needed cash, so I pointed to an ATM sitting…
DetailsSo tell me – did you hear the news?? Apparently the rumors are indeed true. 2015 is the year of the Security Startup. And in the words of the greatest British comedy troupe ever… and there was much rejoicing … However, after meeting with dozens of startups at Black Hat a few weeks ago, I’ve realized…
DetailsInternet of Things (IoT) means everything is potentially connected everywhere and with everyone. Assume it is all compromised. As the volume of IoT grows, we should better understand the implications a bunch of tiny powerful computers connecting to each other brings with them. These devices need the same strong attention we are placing on smartphones,…
DetailsAccording to ITRC (Identity Theft Resource Center), in 2015 thus far there have been over 450 breaches with over 135 million records exposed. They define a breach as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is potentially put at risk…
DetailsThings were simpler in the past. I know we hear that sometimes and to a certain degree this is true. It is also true that he who forgets the past is doomed to repeat it. In the world of information security (IS), both adages apply. Back in ancient history – in this case the 1980s…
DetailsI just saw an article stating that Chrysler is sending out USB drives to car owners to update the WiFi connect features in their Jeeps. For those of you that missed the story on the news, the article about it is in Wired magazine. My guess is that this is being done to save the cost…
DetailsI happened to watch the movie “The Duff” recently. If you haven’t seen it, it’s a 2015 teenage comedy film with a plot along the lines of “The Breakfast Club” meets “Mean Girls.” What struck me about this movie (and the reason I’m alluding to it now) was the fact that one of the main…
DetailsAs many of you know, starting a new job can be challenging in and of itself. It involves learning a new culture, understanding company values, as well as basic things such as remembering names and faces, and who to eat lunch with. With all of the stress and challenges experienced within that first 90 days, which is just…
DetailsThe recent Office of Personnel Management (OPM) breach may be the largest breach of Federal records ever. With the resignation of OPM Director Katherine Archuleta over the compromise of the newly disclosed number of 21.5 million records, the breach has gotten the attention of Congress and the nation as a whole since it was first revealed last month. One of…
Details