When is it a Breach?

One of the most difficult decisions a CISO has to make is the one that says the organization suffered a data breach. A data breach starts a chain of events that could eventually result in loss of company reputation, financial expenditures for credit monitoring of affected individuals, and possible regulatory and legal fines. Not surprisingly, the…

Why I Hate Phishing

Thursday, April 18 started out as a normal day (except for all of the Heartbleed hubbub), that was, until we realized that the University had been hit with about 32K phishing emails. I have to hand it to the phishers; they did a really nice job. An email, signed by one of our help…

Securing the Enterprise: Crazy Ideas from the Ivory Tower

Doing security at a university is both interesting and scary. Because you have to provide both an open environment for research and instruction and enterprise-level security for the business of the university, you really need to think way outside of the boxes that are available on the market. It occurred to me that many…

You Can’t Stop Stupid: Security in the Academic World

One would think that working in a very prestigious university would simplify the job of the security department. All you would have to do is tell people what was required and those people, with very large IQs, would understand and follow these simple (or not so simple) rules: Don’t click on stuff. Don’t open attachments…

Not Like the Others

(This is the sixth installment in an on-going examination of the first principles of data privacy and security. The first installment can be read here. The second installment can be read here. The third installment can be read here. The fourth installment can be read here. The fifth installment can be read here. These principles, often represented in regulations and privacy…
