The Wisdom of the CISO Crowd…In an Era of Security Products and Technologies DELUGE

The list of security products and technologies returned by even the least sophisticated Internet search engines for any of the major security product categories can be quite overwhelming. These categories include ‘firewalls’, ‘IDS/IPS’, ‘SIEM’, and don’t even mention “Threat Intelligence” since, thanks to the associated market hype-cycle, even vulnerability scanners are now being…


My Security Fantasy

My biggest security problems all start with authentication.  If you look at the major hacks that have taken place in the last year, you can trace most of them back to phishing (or stupid). If I could wave a magic wand and create a system that could verify the identity of the person at the…


Business Continuity Planning, The CISOs Secret Weapon

BCP.  Three little letters that, unfortunately, strike mind-numbing boredom into most CIOs.  The truth is, Business Continuity Planning isn’t synonymous with the excitement that is typically found in the Information Security world. There aren’t nation states trying to subvert your controls, or insiders trying to get away with industrial espionage, or some faceless hacktivist group…


10 Steps Towards an Information Security Program for Newly Established Companies

It’s not a matter of if your company will be breached but when, and for newly established companies or startups, the when may be sooner rather than later. Startups are being established across industries and come in many different sizes.  Regardless of whether they are in year 2 or year 5 of their existence, in…


If Not Now, When? If Not Us, Who? – “Tackling The Great Minority Cyber Divide”

In a November 2014 article, Lowell McAdam, the CEO of Verizon, made the following very bold public statement: “It’s Wrong That in a Room of 25 Engineers, Only 3 Are Women.” Lowell’s very intriguing article went on to quote several other very compelling facts and figures triggering resonance at so many levels, including the prediction…


The Importance of Privacy

Security and Privacy are essential in today’s digital economy.  2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with our sensitive information.  Currently, there are more than 80 countries with privacy laws.  Violating these laws may result in fines, brand damage, and/or loss of…


GRC Debunker

(UPDATED) CISOs and their teams are not just producers of risk analyses and assessments.  We are also consumers of them.  They come from many sources.  The main four are: responses from third parties whose goods and services we are evaluating as part of our due diligence; assessments provided by entities that are targets of mergers, acquisitions,…


Take the Test: Today Ebola, Tomorrow Who Knows? Can Your Business Survive a Pandemic?

Pandemics are epidemics occurring on a scale that crosses international boundaries, usually affecting a large number of people. We may have had near misses, Ebola most recently, but the threat of a pandemic is always with us. What is the possible impact to your business and how should you prepare? According to one State Public Health Organization addressing…
