While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023… Read More
Third-Party Vendor Security and PCI DSS
We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs. Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re… Read More
Security, Compliance, and the Decline of Third-Party Cookies
The issue of cookies and user tracking has long been an issue, but the importance of these marketing and development tools has kept them a vital part of our web experiences. However, Google announced that its popular Chrome browser would no longer support third-party cookies, and in January 2024, they began rolling out anti-cookie technology. … Read More
Shadow IT and the Foundational Threat to Cybersecurity
Companies can only monitor some of the pieces of software that their employees use. It’s inevitable, then, that those employees will start to kludge together their solutions through personal software or freeware from the Internet. This is such a problem that Splunk recently rated shadow IT as one of the top 50 threats to cybersecurity… Read More
Non-Human Access Vulnerabilities and Modern Cybersecurity
The advent of non-human identities–encompassing service accounts, application IDs, machine identities, and more–has reshaped the cybersecurity landscape, introducing a new dimension of vulnerabilities and attack vectors. While helpful, these digital entities are an increasingly vulnerable spot where attackers focus resources. This article will cover this relatively new attack vector, how hackers leverage new technology to… Read More
Ultimate Security: Data Breach Prevention in 2023
According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone–accounting for compromising over 14 million data records. Once these records are out in the open, they are often sold on the dark web. Following that, it’s just a matter of time before hackers can use this data… Read More
Cyber New Year’s Resolutions: Cyber Security Tips for 2018
Cyber Security Tips for 2018 and Beyond Now that the year is coming to an end, all eyes are on what’s possibly around the corner. More attacks on cryptocurrencies? An escalation in attacks by state-sponsored cyber criminals? Chaos as the EU’s GDPR is implemented? In cyber security, only one thing is certain: It’s a continuous… Read More
HBO Hacks Indicate a Company in Cyber Security Crisis
Hacks in the City: Latest in String of HBO Hacks Targets Company’s Social Media Accounts HBO has had a rough summer, and things are getting progressively worse for the cable titan. The HBO hacks began in late June, when an individual hacker or group calling themselves “Mr. Smith” dumped several episodes of upcoming HBO series… Read More
Defeating Cyber Security Deficits with a 1-2 Punch
Defeating Cyber Security Deficits with a 1-2 Punch Steve Morgan, a professional acquaintance who writes about cyber security for Forbes published One Million Cybersecurity Job Openings In 2016 and revealed some jaw-dropping statistics concerning the growing deficit in hiring qualified cyber security employees. To make matters worse, this chasm is exacerbated by the explosion of… Read More
What the Biggest Data Breaches in Retail Have Taught Us about Cybersecurity
2014 Data Breaches by Industry With the holiday season upon us, much attention turns to the retail sector, which is expected to see unprecedented activity as shoppers in a strengthening economy take advantage of seasonal deals and yet-further-expanded shopping hours. However, overshadowing the energy of the holiday shopping season, the specter of data breaches past… Read More
Cyber War Waged on the United States with Massive Security Breach
Federal cyber security breach has left millions of American citizens as casualties. Lazarus Alliance responds with proactive cyber-crime prevention. Lazarus Alliance ups the ante with proactive cyber security weapons in the corporate arsenal to fight cybercrime, corporate fraud, espionage and criminal cyber-misconduct. The egregious revelations following this security breach is that the Office of Personnel… Read More
Proactive vs Reactive Cyber Security on Money Radio
Recently Michael Peters, CEO of Lazarus Alliance, spent time with David Cogan of Money Radio and eLiances discussing the differences between proactive cyber security and reactive cyber security. You can replay the broadcast as heard on money radio. An overview of the discussion was when you think cyber security, what comes to your mind first? I’ve… Read More
Do Cyber Security Breaches Determine Your Fate?
Over the past year we have seen corporate cyber security breaches decimating business value, killing companies and ending careers. Even at the highest levels within the largest corporations, no one is exempt from the damage a cyber security breach causes. Outside of traditional global war, never before have we experiences technological war quite like the… Read More
Cyber Security Comes In Only Two Flavors
When you think cyber security, what comes to your mind first? I’ve posed that question to many an audience over the years and most frequently the response is what folks see on the nightly news or through some new source. Recently people will respond with examples such as Home Depot, Target, Sony, JP Morgan and the… Read More
The Locksmith: Combating Crime Within Corporate Anywhere
Around about the time I was wrapping up my tenure as CISO for Colonial Bank back in 2009, I was reflecting on the lessons learned from being part of a company whose corporate soul was ripe with criminal intent. From a historical perspective, Colonial Bank became the largest bank failure of 2009 because of a $2,900,000,000.00 (Yes,… Read More
The New Social Security: When Social Media Meets Social Engineering
The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
KISS – Keep It Simple Security – 2009090101
I was reading the latest report published by Deloitte titled “The 6th Annual Global Security Survey.” I did enjoy the survey results and I do intend on using a portion to help shape my general information security strategy in my practice. Certain fundamentals are always sound and always obvious. One quote that I’ll comment on… Read More
Corporate Records: Voice-mail
As electronic discovery matures to meet the ever-changing technology landscape, it is incumbent upon the information security practitioner, forensic investigator, General Counsel, or others responsible for the discovery, acquisition, processing, preservation, and presentation of electronic records to keep swimming or risk drowning. There should be no illusion that voicemail would be considered an electronic record… Read More
CIO, CISO, Eee Eye, Eee Eye Oh Crap a Data Breach!
How do you quantify the true cost of a data breach? How do you measure the costs against the benefits of eliminating risks, mitigating risks or accepting risks to your business effectively? The Lazarus Alliance executive leadership team has been the proverbial tip of the spear within the proactive cyber security realm well before there… Read More
Privacy Piracy Host, Mari Frank, Esq. Interviews Michael Peters
PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS MICHAEL PETERS MONDAY AUGUST 25TH, 2014, AT 8AM PACIFIC TIME ON KUCI 88.9 FM IN IRVINE AND STREAMING ON WWW.KUCI.ORG MICHAEL PETERS will discuss the following topics and more! Lazarus Alliance Information Security Biggest Threat to our Global Community Don’t miss this fascinating interview with MICHAEL PETERS ! Here’s some background information about this… Read More
The Inmates are Running the Asylum: Why Cyber-criminals are Winning.
I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just… Read More