CISO Roundtable: Unprecedented Times

Healthcare CISOs Talk About Supporting Frontline and Remote Medical Workers

Leading healthcare CISOs discuss the unique challenges they face as they support frontline and remote medical workers as well as the myriad of other personnel, everyone doing their utmost during these unprecedented times to save lives. They talk about facilitating and securing a diverse workforce,…


COVID-19 and the Digital Pandemic

by Angel T. Redoble* and Francisco Ashley L. Acedillo**

Introduction

In May 2019, a Chinese government-sponsored hacking group was reported to be targeting unidentified entities across the Philippines. By the end of 2019, the Philippines was ranked number 12 among the top 20 countries where users face the greatest risk of online infection. One anti-malware company…


Michael Anderson, Dallas County Texas CISO

Many professions have formal apprentice or internship programs that allow junior employees to learn on the job under the tutelage of an experienced master. CISOs don’t have the luxury of a structured activity, but many times they do have the advantage of working for someone who can set an example and provide a path that…


No Good Deed… Apple 2FA Case Dismissed by California Federal Court

A few years ago, Apple began pushing “two-factor” authentication on its users. Through an update to the operating system, it began to require those who wanted to download and install software to use, in addition to providing a password, a separate out-of-band authentication mechanism. While such 2FA systems are not perfect, and those which rely…


Rogue One. U.K. Supermarket Chain Morrisons Not Liable For Data Breach By Internal Auditor, UK High Court Says

Andrew Skelton was a senior auditor in the internal audit department of UK supermarket chain Morrisons. In July 2013, Skelton was scolded by Morrisons for some minor misconduct. To get even, Skelton leaked payroll, banking and other data about 126,000 Morrisons employees, first to a website accessible online, and then to several newspapers. The breach, forensics,…


Managing Risk in the Era of Pandemic

Cyber Security is NOT about cybersecurity. It’s not about compliance with regulations. At the end of the day, cyber security is about identifying and managing risks. Risks associated with the use and misuse of technology. Risks associated with failing to protect data. Risks associated with doing too little. And risks associated with doing too much.…
