I’m honored to be invited to EC-Council’s TakeDownCon keynote speaker for the 2015 event. TakeDownCon brings together information security researchers and technical experts from corporate to underground industries, to a unique “Ethical Hacking” conference. In two days, they will present and debate the latest security threats, disclose current vulnerabilities, and share information crucial to the… Read More
Resistance is NOT Futile for Cyber Insurance Casualty Insurers.
If you think that the business general liability or even purpose built cyber insurance policies will cover you in the event of a cyber-security breach, it’s highly likely you are mistaken. In fact, it is in your carriers best business interest to deny your claim. Chances are the exemptions in your policy exclude coverage for… Read More
Low-Hanging Fruit Anyone? Why cyber-criminals are looking for you.
Cyber-crime is largely a crime of opportunity. Just like a burglar cases the neighborhood looking for easy pickings. Cyber-criminals case the Internet looking for victims who make it easier to steal from them, the companies they lead or belong to. By adhering to the Security Trifecta® and implementing a proactive cyber security strategy based in… Read More
Did you know that there are only four types of cyber security incidents?
My career has been devoted to both the art and the science behind information security. When I speak of the science, I am referring to the technology and the process we immerse ourselves into as we set about securing our organizations we are charged with protecting. When I speak about the art, I am referring… Read More
2015 Audit Anarchy Infographic
There is a huge difference in the very traditional methodology used by almost all audit firms and the proactive constant auditing methodology used by Lazarus Alliance. This infographic explains those differences along with shining a little light on some dirty techniques used by the big expensive bully firms.
OSI Model Layer 8: The Carbon Layer
Just one of the many reasons my vocation and avocation is centered on information security is that things tomorrow will not be quite the same as they were today. There is always someone innovating out there for better or worse. I cannot imagine this challenge subsiding which is quite thrilling and for some, quite distressing. Any… Read More
The New Social Security: When Social Media Meets Social Engineering
The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More
Survival Guidance! Resource for SSAE 16 SOC 2 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the procedural and technical controls free. This is a resource based on the SSAE 16 SOC 2 framework you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just… Read More
Survival Guidance! Resource for SSAE 16 SOC 1 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the procedural and technical controls free. This is a resource based on the SSAE 16 SOC 1 framework you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just… Read More
Survival Guidance! FedRAMP and FISMA Resource for Assessing the Security Controls in Federal Information Systems and Organizations
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the security controls in federal information systems and organizations free. This is a resource based on the NIST 800-53A framework you may freely use to conduct your organization’s FedRAMP, HIPAA or best practice based security audits. Your results are private and the output… Read More
Survival Guidance! Resource for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
HIPAA Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule free. This is a resource you may freely use to conduct your organization’s HIPAA security audits. Your results are private and the output is sent to you without charge. It’s just on… Read More
The Security Trifecta – Governance Made Easy: CISO Executive Summit Keynote
The CISO Executive Summit 2013 – Minneapolis I enjoyed delivering the closing keynote at the CISO Executive Summit this year and getting the opportunity to collaborate, strategize and even in some cases, commiserate with my information security comrades from across the industry. The good folks at Evanta organized the event with direction from the event’s… Read More
Download Premium Content: Governance Documentation and Information Technology Security Policies Demystified
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
The HORSE Project has an app!
Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app. Now there is an Android app to help you take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play… Read More
PenTest Magazine: The Security Trifecta – IT Security Governance Demystified
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Thank You CSO Magazine Online!
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here: CSO Magazine Online and I couldn’t think of a better place for… Read More
Re-post: Your Employee Is an Online Celebrity. Now What Do You Do?
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace concerning employees with strong personal brands and potential conflicts with corporate needs and expectations. The original article is here: Personally, I considered it an excellent thought-provoking article! It points… Read More
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
2012 Louisville Metro InfoSec Conference
I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Is Facebook Losing its Luster?
I’ve been trying out an opted-in email based campaign this month targeting University Teachers, Higher Education Teachers and Book Stores in the US with a simple message that includes links to the most common sources of information and purchasing options for one of my books, Governance Documentation and Information Technology Security Policies Demystified which makes… Read More
Freshly Rendered Graphics for The Security Trifecta
To appease the trademark gods, I had a whole series of images rendered to represent The Security Trifecta methodology and offerings. Here is an example: Thoughts?
MENA ISC 2012 – The Security Trifecta™ – Day 2
The second day of MENA ISC 2012 was action packed with many great presentations. I had many engaging conversations with quite a few delegates. Discussing The Security Trifecta was of course a favorite topic of mine. What really matters was the overarching theme that was delivered by many speakers was in getting control of information… Read More
My comments about Virtuport and MENA ISC 2012.
Several exceptional facets of MENA ISC 2012 became quite apparent to me during my attendance and participation in the Middle East North Africa Information Security Conference. First, what a truly impressive assembly of international security experts and delegates. People attending were engaged, inquisitive, and very collaborative which is a vital component in mastering the global… Read More