CISO Short List
Honored to make the CISO short list with esteemed colleagues! Thank you
The New Social Security: When Social Media Meets Social Engineering
The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been…
Hello PCA SHOP CERTIFIED® Auditor
I’m honored to be joining the privacy Compliance Association’s SHOP CERTIFIED® Auditor ranks. Consumer privacy, identity theft and fraud will always be a problem and it seems we continue to be painfully more aware of just how often it is breached by cyber-criminals, employees, corporate executives, rogue nations and even our own government. If you would…
Human Nature – The Proverbial Thorn in the CISO’s Keaster!
While pondering the recent Target and Neiman Marcus breaches and many of those that have come before, I cannot help myself but to look for common denominators. If you compare these companies to your house, there are doors and windows that allow movement into and out of those houses. If you open a window and it…
Too Many Targets! Why Target isn’t the only retailer poised for a breach.
Unless you have been living without a source for current news this week, you undoubtedly have heard the bad news about Target Corporation and how hackers breached the technological defenses and stole credit-card data for roughly 40 million customers. The media frenzy focused on Target Corporation has already spawned a dozen class-action lawsuits against the…
Survival Guidance! Resource for SSAE 16 SOC 2 Readiness Audits
Survival Guidance! MichaelPeters.org and
Survival Guidance! Resource for SSAE 16 SOC 1 Readiness Audits
Survival Guidance! MichaelPeters.org and
Survival Guidance! FedRAMP and FISMA Resource for Assessing the Security Controls in Federal Information Systems and Organizations
Survival Guidance! MichaelPeters.org and
Survival Guidance! Resource for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
HIPAA Survival Guidance! MichaelPeters.org and
A Decade of SOX: Knowledge is your friend; Ignorance is your enemy
We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements….
The Truth about ID Theft: No fear mongering, no snake oil, just simple advice.
After years of advising corporations, investment firms and being directly involved with helping people understand what identity theft is and making recommendations on how they might thwart criminals from turning them into victims. I decided to revisit the topic and share a simple checklist approach to prevent identity theft. With just a few simple steps…
In Harm’s Way: The CISO’s Dangerous Tour of Duty
I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For…
The Security Trifecta – Governance Made Easy: CISO Executive Summit Keynote
The CISO Executive Summit 2013 – Minneapolis I enjoyed delivering the closing keynote at the governing body. My sponsor was
The Inmates are Running the Asylum: Why Cyber-criminals are Winning.
I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just…
Top 1% Most Viewed LinkedIn Profile
Recently, LinkedIn.com surpassed 200 Million members and I was absolutely delighted to be part of the top 1% of the most viewed profiles on LinkedIn for 2012. Thank you to all of you who have helped me reach that professional pinnacle. I do appreciate your support. 2013, here we come!
Reasonable Duty of Care: Data Security and Privacy
You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to…
Security Overlooked: Weathering the DDoS Storm
Last year was a very high profile year for companies being attacked with distributed denial of service (DDoS) and this year doesn’t look any better. While there are some network layer based products, services and techniques available to companies, many of these are missing part of the solution. The problem is that network layer approaches are really…
Please Vote for this blog!
Vote for me today please! I’m listed in the preliminary round of nominees in two categories for the 2013 Social Security Blogger Awards. Polls close tomorrow. Cast your vote here:
Download Premium Content: Governance Documentation and Information Technology Security Policies Demystified
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
The Future of the Security Executive?
I was presented with a question this week that I thought was worth sharing. The question was “What you think information Security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration…
The HORSE Project has an app!
Still the best source for security, cyberspace law and IT risk management! The
Your Personal CXO has an app!
Your Personal CXO is one of the worlds best resources for information security, privacy, cyberspace law and technology guidance delivered to you freely. Now there is an Android app to help you take it with you. Access premium downloadable content, articles, news and other content right from your Android device. Find it here in the
Security Overlooked: Domain Name Service (DNS)
Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your…
Pop Quiz! Test your OWASP knowledge and earn credit.
There is a frequent question I get from each of my client organizations at least twice a year and that is, “Does your organization adhere to the OWASP Top 10 and is it part of your software development life cycle (SDLC)?” Well, currently, there are no certification exams and no formal training available so how…
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic…
Your Personal CXO
Your Personal CXO 
Louisville Metro InfoSec
The Louisville Metro InfoSec 
The Louisville Metro InfoSec is the premier ISSA information security conference! Lazarus Alliance is a proud sponsor.
Affiliates
Your Personal CXO 
SBN RSS- The Register
- Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
- Amazon wires up email-to-Kindle to its gigantic online hard drive
- Did you know Twitter has a 'consumer product division'? Ex-Google Maps boss now runs it
- Nutanix tries to lure in BIZ WHALES with fresh storage NOS
- Techies: Hands-on lab to find out what AWS Cloud can do for you
Get the app!
HORSE Project app! 
The HORSE Project now on Android!