David M. Brown reported on April 1, 2016 in Data Breach Notification Laws that the State of Tennessee has passed and received the Governor’s signature on revisions to its breach notification requirements. This law goes into effect on July 1, 2016 and could have significant impacts to Tennessee businesses and others, especially if other states follow…
DetailsPeople love to predict the next must-have digital device, from personal drones to augmented-reality contact lenses. But what if the next big device isn’t one single technology? What if it’s a convergence of technologies? How will we then secure our networks and data? A look at the history of the digital universe shows us that,…
DetailsThis seems to be the time of year that everyone is holding a security conference. I will be attending eight from January through the end of April (and speaking at four of them.) The interesting thing about most of these meetings is that they are usually sponsored by vendors, who believe that their product or…
DetailsThird-party vendors are essential to businesses big and small, national and global. Outsourcing is big. Offshoring is big. You can’t just move or outsource part of your business halfway across the world or even across the street and have no way of ensuring that it is being well run. You put your hard-earned money in…
DetailsConsider for a moment the business lines that drive your company’s revenue. If the president of that business unit had an 85% assurance that a new business venture would be successful, would they pursue it? Likely they would. Neil Armstrong, one of America’s greatest heroes, once commented that they had a 90% chance of returning…
DetailsThere were two security incidents over the past week that drew a lot of attention. The first was the ransomware attack against Medstar, a health system based out of Columbia, MD. The second, which received less publicity, was the Neo-Nazi propaganda sent out by infamous Internet troll Weev to publicly accessible printers across the Internet. Out…
DetailsI tell users all the time “Forget everything you learned in Kindergarten.” It always gets a laugh, gets their attention and gets my point across. It’s not nice to share (your password). Secrets are really ok (your IP address). Not only should you not take candy from strangers, you should not take strange candy from…
DetailsWe are seeing that in quite a few organizations the Chief Information Security Officer (CISO) role is going through a period of transition. Leading organizations that didn’t have a CISO role are now actively scoping the responsibilities of this role. To date, the security budget often remains a fraction of total IT spend, and a…
DetailsIn this series, Grace Crickette provides C-Level executives a comprehensive overview of cyber insurance, while addressing business impacts and offering best practices for implementing a risk-management strategy that includes a cyber-liability policy. Part Two: A Very Brief History of Insurance and Coffee Houses Coffee houses or cafés have served as centers of social interaction for patrons…
DetailsRSA Conference 2016 was a great opportunity to connect with the expansive and expanding world of information security. Just like the threat landscape is continuously changing, so is the landscape of security technology and solution providers to help combat this growing risk. Initially, I was shocked by the volume of people attending the conference. However,…
DetailsRSA provides great opportunities for the CISO to learn in a compressed and diverse way to help further the implementation and management of their IT Security Programs. My goal this year was to look for guidance that didn’t focus on the old view of aligning the IT Security Program with the business. Mostly this message had the IT Security Program engaging in technical security with a goal of not upsetting business leaders. I was looking for sessions that…
DetailsI guess it’s time to admit that I might be getting older. When will the adults of the world take back the media and create a Bull S*** rating system. We have a rating system for movies: “Rated PG: Parental guidance suggested – some material may not be suitable for children. Rated PG-13: Parents strongly cautioned…
Details