My biggest security problems all start with authentication. If you look at the major hacks that have taken place in the last year, you can trace most of them back to phishing (or stupid). If I could wave a magic wand and create a system that could verify the identity of the person at the…
DetailsI have always found that information security professionals tend to fall into three categories: SWAT Teams, Power Rangers or Nerds with an edge (see a blog post of that name I wrote earlier by clicking here). We all play all three roles, of course, when the need arises. But we all have our tendencies. When…
DetailsBCP. Three little letters that, unfortunately, strike mind-numbing boredom into most CIOS’s. The truth is, Business Continuity Planning isn’t synonymous with the excitement that is typically found in the Information Security world. There aren’t nation states trying to subvert your controls, or insiders trying to get away with industrial espionage, or some faceless hactivist group…
DetailsBack in the late 1990’s, I was fortunate to be part of a team of cyber security experts who were asked to develop a list of the Top 10 Internet Security Threats. “On February 15, 2000, thirty Internet experts met with President Clinton to identify actions needed to defeat the wave of distributed denial of…
DetailsIt’s not a matter of if your company will be breached but when and for newly established companies or startups the when may be sooner rather than later. Startups are being established across industries and come in many different sizes. Regardless of whether they are in year 2 or year 5 of their existence, in…
DetailsIn a November 2014 article, Lowell McAdam the CEO of Verizon made the following very bold public statement, “It’s Wrong That in a Room of 25 Engineers, Only 3 Are Women.” Lowell’s very intriguing article went on to quote several other very compelling facts and figures triggering resonance at so many levels, including the prediction…
DetailsSecurity and Privacy are essential in today’s digital economy. 2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with our sensitive information. Currently, there are more than 80 countries with privacy laws. Violating these laws may result in fines, brand damage, and/or loss of…
DetailsIncessant questioning can reduce the best thinking to no more than a background chorus of “Are we there yet?” But there are still some things that have to be asked. I have spent the past four articles observing how aggregation is emerging as more than just an automated process. I’ve tried to show the following:…
DetailsSony, Sony, Sony. Do you even realize what has just happened to you? Can you even comprehend the ripple effect this event will have not just on your industry, but everywhere? So to begin with, let’s not dig into what happened or who did it. Primarily because there is still an open investigation happening and unlike others,…
Details(UPDATED) CISO’s and their teams are not just producers of risk analyses and assessments. We are also consumers of them. They come from many sources. The main four are: Responses from third parties whose goods and services we are evaluating as part of our due diligence Assessments provided by entities that are targets of mergers, acquisitions,…
DetailsPeople prefer to choose the groups they are in. Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated themselves with. There are also the groups that people don’t choose but through birth, prejudice, unforeseen circumstances and/or unwanted diagnoses, they find themselves in nonetheless. …
DetailsIn the aftermath of the Target breach, there has been a lot of press on the need for a Chief Information Security Officer (CISO) in the boardroom. The Wall Street Journal, the NY Times, Forbes, and a host of other business publications are calling for a senior information risk executive to have the proverbial ‘seat…
Details