Auto Roboticism

On 60 Minutes last night, Lesley Stahl was shocked, shocked to see that modern automobiles collected vast amounts of information about their owners and drivers, had myriad sensors to collect information and allow remote access to that information, and had little if any security either for the sensors or the data collected. Also shocking is the…


The Anthem Hack – Part Deux – What Anthem Did Right (and Wrong)

In the wake of every hack (and every second and one yard in the Super Bowl) there is a stream of criticism from Monday morning quarterbacks about what should have been done.  (Handoff to Marshawn Lynch, maybe?) But in many ways, Anthem Blue Cross did the best they could, considering the situation. There are several things you…


Anthem Blue Cross – The Five Stages of Hack Response

This week it was Anthem Blue Cross’s time. The health insurance giant disclosed a massive hack, which compromised records for as many as 80 million people.  This included identity information, provider information and financial information, as well as sensitive information like SSNs.  To their credit, they found the breach themselves and reported it quickly and…


The CISO’s Guide to Getting Stuff Done

Let’s face it.  You know what you have to do.  You have a 30-day plan.  A 90-day plan.  A one-year plan.  A five-year plan.  You have spreadsheets, budgets, and PowerPoints. What you DON’T have is management commitment, budget, resources or even the ear of the right people to get done what you need to get…


Crowdsourcing Invasions of Privacy

The Wall Street Journal recently reported that the United States government is creating a massive database of records culled from license plate scanners, and making this database available to law enforcement and other agencies. The WSJ article was specifically about a database created by the Drug Enforcement Administration, but thousands of other agencies and departments collect,…


What Keeps CISO’s Up At Night

Every CISO is one data breach from being fired.  Or one disruptive DDoS attack.  Or one theft of information. Or one bad audit result.  Or one compliance investigation.  Or one letter from the Federal Trade Commission or other regulator.  Or one loss of a CEO or Board of Directors member’s personal data. It only takes…
