Independent Think Tank for Global Technology Security, Privacy and Risk Management
While pondering the recent Target and Neiman Marcus breaches and many of those that have come before, I cannot help myself but to look for common denominators. If you compare these companies to your house, there are doors and windows that allow movement into and out of those houses. If you open a window and it…
Unless you have been living without a source for current news this week, you undoubtedly have heard the bad news about Target Corporation and how hackers breached the technological defenses and stole credit-card data for roughly 40 million customers. The media frenzy focused on Target Corporation has already spawned a dozen class-action lawsuits against the…
Survival Guidance! MichaelPeters.org and
Survival Guidance! MichaelPeters.org and
Survival Guidance! MichaelPeters.org and
HIPAA Survival Guidance! MichaelPeters.org and
We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements….
After years of advising corporations, investment firms and being directly involved with helping people understand what identity theft is and making recommendations on how they might thwart criminals from turning them into victims. I decided to revisit the topic and share a simple checklist approach to prevent identity theft. With just a few simple steps…
I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For…
The CISO Executive Summit 2013 – Minneapolis I enjoyed delivering the closing keynote at the governing body. My sponsor was
I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just…
Recently, LinkedIn.com surpassed 200 Million members and I was absolutely delighted to be part of the top 1% of the most viewed profiles on LinkedIn for 2012. Thank you to all of you who have helped me reach that professional pinnacle. I do appreciate your support. 2013, here we come!
You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to…
Last year was a very high profile year for companies being attacked with distributed denial of service (DDoS) and this year doesn’t look any better. While there are some network layer based products, services and techniques available to companies, many of these are missing part of the solution. The problem is that network layer approaches are really…
Vote for me today please! I’m listed in the preliminary round of nominees in two categories for the 2013 Social Security Blogger Awards. Polls close tomorrow. Cast your vote here:
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration…
Still the best source for security, cyberspace law and IT risk management! The
Your Personal CXO is one of the worlds best resources for information security, privacy, cyberspace law and technology guidance delivered to you freely. Now there is an Android app to help you take it with you. Access premium downloadable content, articles, news and other content right from your Android device. Find it here in the
Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your…
There is a frequent question I get from each of my client organizations at least twice a year and that is, “Does your organization adhere to the OWASP Top 10 and is it part of your software development life cycle (SDLC)?” Well, currently, there are no certification exams and no formal training available so how…
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic…
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher
I’m honored to be joining the EC Council Certified CISO (C|CISO) ranks.
Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last…
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here:
For those of you concerned about personal privacy and consumer protections, I posted an article back in September 2012 with analysis concerning mobility privacy and security concerns I had and you should too. There was some survey results and I also opened up a FCC complaint to initiate an investigation into my concerns. The article…
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace concerning employees with strong personal brands and potential conflicts with corporate needs and expectations.
I appreciate being mentioned on the here:
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the…
In the spirit of the upcoming Halloween season, I thought it a fine time to examine what happens to our digital lives after death. Few of us really consider our digital remains but I’d encourage you to do so for many reasons. Like our physical bodies, our electronic personifications serve no purpose to us once…
There has been very little coverage about a new usage of the latest class of cyber-weapons, specifically one dubbed the Shamoon Virus. The most likely reason for this is that it did not affect western interests more so than it did middle-eastern state interests. Specifically, the sabotage of computers at state oil giant Saudi Aramco…
I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,…
As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two…
“Curiosity is, in great and generous minds, the first passion and the last.” – Samuel Johnson. Put in more redneck terms “Look Y’all! Watch this!”
The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly…
A recent
On August 8, 2012, the Federal Trade Commission settled with FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers use these reports to make hiring and benefits-related decisions. The FTC alleged that, because HireRight “regularly sells in interstate…
The Louisville Metro InfoSec is the premier ISSA information security conference! Lazarus Alliance is a proud sponsor.
SBN RSS The Register
The HORSE Project now on Android!
