It’s impossible to build out a really strong IT security program without the solid foundation of a great security team. Pritesh Parekh, VP and CSO of Zuora, winner of the 2016 SC Magazine Award for Best Security Team, shares his best practices for structuring, hiring and managing a high-performing security team that will effectively execute…
DetailsTry and do an information security risk assessment of a law firm your company uses. Give them an InfoSec security questionnaire to fill out and request key information security documents. And if they host a lot of your sensitive data ask for a SOC2 report or even a penetration test report. What are the chances you…
DetailsI was looking at Facebook the other day (yes, I know – a security guy that uses Facebook – just wait until you have grandkids and a scary message appeared at the top of the page. It was the 39 year anniversary of my employment at Columbia University. I have been working in IT for 39…
DetailsPasswords are not a means of securing information. Bill Gates told us this in 2004, but it’s 2016 now and this time, we really mean it. Gates’ reasoning was that passwords were just insufficient to protect the growing information field and the privacy of sensitive information. The problem now is not that passwords are insecure –…
DetailsGlenn Fink, a security researcher at Pacific Northwest Labs, did a presentation called the “Internet of Cows” at a recent IEEE conference where he showed how dairy farming has become an automated, internet accessible business process. He took the discussion one step further by saying that cows make great human surrogates in the privacy debates surrounding IoT. He…
DetailsWho knows you better than your smart phone? Your family? Maybe. Your colleagues? Perhaps. Your dog? Almost certainly—but that could change very soon. For many of us, our phones and other devices—smart watches, tablets, laptops—are privy to our deepest secrets. Our devices may know, via the alarm we set, when we get up in the…
DetailsDavid M. Brown reported on April 1, 2016 in Data Breach Notification Laws that the State of Tennessee has passed and received the Governor’s signature on revisions to its breach notification requirements. This law goes into effect on July 1, 2016 and could have significant impacts to Tennessee businesses and others, especially if other states follow…
DetailsPeople love to predict the next must-have digital device, from personal drones to augmented-reality contact lenses. But what if the next big device isn’t one single technology? What if it’s a convergence of technologies? How will we then secure our networks and data? A look at the history of the digital universe shows us that,…
DetailsThis seems to be the time of year that everyone is holding a security conference. I will be attending eight from January through the end of April (and speaking at four of them.) The interesting thing about most of these meetings is that they are usually sponsored by vendors, who believe that their product or…
DetailsThird-party vendors are essential to businesses big and small, national and global. Outsourcing is big. Offshoring is big. You can’t just move or outsource part of your business halfway across the world or even across the street and have no way of ensuring that it is being well run. You put your hard-earned money in…
DetailsConsider for a moment the business lines that drive your company’s revenue. If the president of that business unit had an 85% assurance that a new business venture would be successful, would they pursue it? Likely they would. Neil Armstrong, one of America’s greatest heroes, once commented that they had a 90% chance of returning…
DetailsThere were two security incidents over the past week that drew a lot of attention. The first was the ransomware attack against Medstar, a health system based out of Columbia, MD. The second, which received less publicity, was the Neo-Nazi propaganda sent out by infamous Internet troll Weev to publicly accessible printers across the Internet. Out…
Details