For Whom the Bell Curve Tolls
People prefer to choose the groups they are in. Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated…
DetailsFrom the War Room to the Boardroom – The True Elevation of the CISO
In the aftermath of the Target breach, there has been a lot of press on the need for a Chief Information Security Officer (CISO) in the boardroom. The Wall Street…
DetailsWalking the Security Tightrope
Some 38 years ago, I started working for the systems group at CUCCA (Columbia Center for Computing Activities). I was fresh out of engineering school (Columbia, by coincidence) and a…
DetailsTake the Test: Are You Ready to Tame Your Vendor Security Risk Monster?
How do you measure how mature your vendor security risk assessment program is? How do you measure your ability to lead or develop such a program? Would it be safe…
DetailsApplication Security – Redux
When you’re on a roll, ride it out. I’ve been on the “Redux” train for a couple of days. I usually do this when I review our security architecture initiatives…
DetailsDeja Vu All Over Again – DDoS Amplification Attacks
Yep, it’s time to use this title again. This time we’re talking about Distributed Denial of Service (DDoS) amplification attacks. One of the lists I monitor posted the following: Christian…
DetailsSecurity for the Holidays
The holiday season is filled with opportunities for the Bad Guys to take advantage of people who are filled with the holiday spirit, out and about having a good time…
DetailsAmazon Web Services Security: It Takes a Village
For those contemplating using Amazon Web Services (AWS), their compliance page is quite assuring. With a who’s who of compliance standards from SSAE-16, ISO 27001, PCI DSS, to CSA, MPAA,…
DetailsSelf-Test: Are You a True Information Security Leader
It is more important than ever to safeguard your business. As the drumbeat of news about breaches continues, the stakes have never been greater. You must stay a step ahead…
DetailsAnti-Viral
Aggregating is the inverse of broadcasting. What complicates this is that many technologies are now used for both. Cell phones are the best example. They are a device originally designed…
DetailsMoving to the Cloud: Resistance is Futile
At some point, I must have drunk the Cloud Kool-Aid. I find that despite my best efforts, I no longer develop the sinking feeling in the pit of my stomach…
DetailsCloud Security: How I Learned to Love a Data Exfiltration Service
Ok, I know the title sounds a little negative. I’m not against cloud services at all. We use cloud services here for a wide variety of business and personal purposes.…
Details