Are you a Means, Motive or Opportunity CISO?

I was recently asked why there has been a spike in incident alerts during the current month. As I gave my answer, I noticed that I was focusing on the reasons behind “why” the numbers had risen and it became apparent to me that when I explain risks, I tend to focus on the motive…

Data Privacy – I Do Not Think That Word Means What You Think it Means

On September 10, 2019, leaders of the high tech and business world, through the Business Roundtable, sent a letter to political leaders urging them to pass a comprehensive federal consumer data privacy law. The letter, signed by individuals like Amazon’s Jeff Bezos and Michael Dell, and other business leaders noted that “There is now widespread agreement among…

Scraping Away at Computer “Crime” – Federal Appeals Court Rules Against LinkedIn in online “scraping” case

Your domain is your domain. Your website is your website. You decide who can access your site, who can access your data, and how they can do that. You make those decisions through both technology (e.g., code, access control, userIDs, passwords, multifactor authentication) and contracts (terms of use, terms of service, privacy policies, software license…

Doorbell privacy: Where the ring tolls

Amazon’s Ring video doorbell allows you to see who is at (or near) your doorstep. Under a semi-secret program called “Neighbors” it also allows the police to see the same thing. The program incentivizes police to “sell” the Ring device to consumers (even giving the police free surveillance devices themselves) and creates a network whereby…

How to Get Your Organization to “Own” Security – First Steps

Many companies grapple with integrating cybersecurity awareness into the organizational culture. After many years as a CISO and cybersecurity consultant, I believe the answer to this perennial problem is to encourage the organization to “own” security. The first step towards this goal is to establish a cybersecurity council composed of representatives from various business units. Some organizations already have…

Former U.S. government cyber-czar says cyberwar is a huge security threat but it can be combatted

Companies need to embed cybersecurity into the DNA of their organizations to combat potentially disastrous cyber threats by state actors and individuals. This is the message that Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-Terrorism for the United States, gave cybersecurity executives at CISOs Connect San Diego 2019. Clarke told CISOs attending the conference about the chilling…

CISOs Investigate: Vulnerability Management Released to CISOs

A Vulnerability Management Program is made up of a complex matrix of policies, processes and tools that enable security professionals to turn a detective control into an ongoing risk-management operation. Effective risk management is a function of the organization’s ability to manage vulnerabilities. That makes managing vulnerabilities a particularly crucial part of the CISO role.…

The Obsolescence of Passwords

Passwords as a means of authentication have been around for a long time. Their existence is based on the fundamental premise that it is only the consumer or user who has the secret. And in these past 60 years, passwords have served us well. But the premise is becoming less and less true. These days,…

Solving the security fear of commitment

Here is a fun exercise if you are bored. Go into any grocery or superstore. If you prefer online shopping, log onto your favorite retailer and find/pick any one category of products. Next, count how many brands there are in that one category. Then, count how many different options or different stock keeping units…