Focus is over-rated when you’re starting out. The original idea for my presentation at The Privacy & Security Forum in Washington, D.C. was to talk exclusively on how security controls relate to the frameworks that sweep them up and organize them. It was to be “how controls become a framework” in the spirit of the…
DetailsIn today’s Internet of Things (IoT) world, every device can communicate and be connected to the Internet – from your refrigerator to your lights and cars. IoT’s glitter is often dimmed by legitimate security concerns. Just as the power of this new technology can make our lives easier and immensely more delightful, IoT put into…
DetailsIn Part I, I gave you some food for thought about getting your message out there in a clean, crisp, and concise way. In the second installment of my Open Letter to Vendors, we’re going to take a trip to the magical and mystical island of InfoSec Land, where sales are based on trust and…
DetailsPrivacy folks and security folks were finally intermingling by design and not by accident or through one or the other being adventurous. I’m a huge proponent of the two being intermingled (my post Security and Privacy walk into a bar is an example). So I was glad to attend the inaugural Privacy & Security Forum…
DetailsAll financial institutions and retailers are looking for solutions to protect credit card and other sensitive data from the moment the magnetic stripe of the payment card is swiped through to the end of the payment processing cycle. The current end-to-end encryption solutions between the merchant system (point of sale or POS device) and the…
DetailsAs a CISO or an executive responsible for the Information Security organization at your company, one thing that you ought to keep in real focus is the Silo Effect. Be conscious of it, work against it, and prevent it from derailing your vision and longevity! So what is the Silo Effect? It’s when departments do…
DetailsBy now most of us have heard of the phrase kill chain. For those of you that haven’t heard of it, the kill chain is a phase-based model used to describe the stages of a data breach attack. The goal is to break the attack chain by using the appropriate level of key controls for…
DetailsLife on a college campus changes in the Fall. In a way, just like the seasons, life in higher ed is very cyclical, and the beginning of the semester is one of excitement. It also ends a busy season for the IT group, which is commonly known to all others as “summer break.” Much of…
DetailsOver the past few years, there has been an uptick in cybercrime on a mass scale, with hackers gaining access to personal information of millions of people. Breaches at well-known, successful companies such as Target and Home Depot make national news. In more recent years, healthcare organizations are increasingly becoming the target of cyber-attacks. The…
DetailsA few weeks ago, my son and his family came to visit us from Japan (he is a Captain in the Marine Corps and stationed there). We took a day to go down to the shore and walk along the boardwalk. My son mentioned that he needed cash, so I pointed to an ATM sitting…
DetailsSo tell me – did you hear the news?? Apparently the rumors are indeed true. 2015 is the year of the Security Startup. And in the words of the greatest British comedy troupe ever… and there was much rejoicing … However, after meeting with dozens of startups at Black Hat a few weeks ago, I’ve realized…
DetailsInternet of Things (IoT) means everything is potentially connected everywhere and with everyone. Assume it is all compromised. As the volume of IoT grows, we should better understand the implications a bunch of tiny powerful computers connecting to each other brings with them. These devices need the same strong attention we are placing on smartphones,…
Details