An In-Depth Guide to SOC 2 Security Common Criteria

While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023… Read More

Third-Party Vendor Security and PCI DSS 

We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs.  Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re… Read More

Shadow IT and the Foundational Threat to Cybersecurity

Companies can only monitor some of the pieces of software that their employees use. It’s inevitable, then, that those employees will start to kludge together their solutions through personal software or freeware from the Internet.  This is such a problem that Splunk recently rated shadow IT as one of the top 50 threats to cybersecurity… Read More

Non-Human Access Vulnerabilities and Modern Cybersecurity

The advent of non-human identities–encompassing service accounts, application IDs, machine identities, and more–has reshaped the cybersecurity landscape, introducing a new dimension of vulnerabilities and attack vectors. While helpful, these digital entities are an increasingly vulnerable spot where attackers focus resources.  This article will cover this relatively new attack vector, how hackers leverage new technology to… Read More

Ultimate Security: Data Breach Prevention in 2023

According to a recent report by IT Governance, there were over 70 data breaches in June 2023 alone–accounting for compromising over 14 million data records. Once these records are out in the open, they are often sold on the dark web. Following that, it’s just a matter of time before hackers can use this data… Read More

Defeating Cyber Security Deficits with a 1-2 Punch

Defeating Cyber Security Deficits with a 1-2 Punch Steve Morgan, a professional acquaintance who writes about cyber security for Forbes published One Million Cybersecurity Job Openings In 2016 and revealed some jaw-dropping statistics concerning the growing deficit in hiring qualified cyber security employees. To make matters worse, this chasm is exacerbated by the explosion of… Read More

What the Biggest Data Breaches in Retail Have Taught Us about Cybersecurity

2014 Data Breaches by Industry With the holiday season upon us, much attention turns to the retail sector, which is expected to see unprecedented activity as shoppers in a strengthening economy take advantage of seasonal deals and yet-further-expanded shopping hours. However, overshadowing the energy of the holiday shopping season, the specter of data breaches past… Read More

Cyber War Waged on the United States with Massive Security Breach

Federal cyber security breach has left millions of American citizens as casualties. Lazarus Alliance responds with proactive cyber-crime prevention. Lazarus Alliance ups the ante with proactive cyber security weapons in the corporate arsenal to fight cybercrime, corporate fraud, espionage and criminal cyber-misconduct. The egregious revelations following this security breach is that the Office of Personnel… Read More

Proactive vs Reactive Cyber Security on Money Radio

Recently Michael Peters, CEO of Lazarus Alliance, spent time with David Cogan of Money Radio and eLiances discussing the differences between proactive cyber security and reactive cyber security. You can replay the broadcast as heard on money radio. An overview of the discussion was when you think cyber security, what comes to your mind first? I’ve… Read More

Do Cyber Security Breaches Determine Your Fate?

Over the past year we have seen corporate cyber security breaches decimating business value, killing companies and ending careers. Even at the highest levels within the largest corporations, no one is exempt from the damage a cyber security breach causes. Outside of traditional global war, never before have we experiences technological war quite like the… Read More

The Locksmith: Combating Crime Within Corporate Anywhere

Around about the time I was wrapping up my tenure as CISO for Colonial Bank back in 2009, I was reflecting on the lessons learned from being part of a company whose corporate soul was ripe with criminal intent. From a historical perspective, Colonial Bank became the largest bank failure of 2009 because of a $2,900,000,000.00 (Yes,… Read More

The New Social Security: When Social Media Meets Social Engineering

The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More

Re-Post: C-Suite Slipping on Information Security, Study Finds

The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More

Information Security By the Numbers

The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More

KISS – Keep It Simple Security – 2009090101

I was reading the latest report published by Deloitte titled “The 6th Annual Global Security Survey.” I did enjoy the survey results and I do intend on using a portion to help shape my general information security strategy in my practice. Certain fundamentals are always sound and always obvious. One quote that I’ll comment on… Read More

Corporate Records: Voice-mail

As electronic discovery matures to meet the ever-changing technology landscape, it is incumbent upon the information security practitioner, forensic investigator, General Counsel, or others responsible for the discovery, acquisition, processing, preservation, and presentation of electronic records to keep swimming or risk drowning. There should be no illusion that voicemail would be considered an electronic record… Read More

CIO, CISO, Eee Eye, Eee Eye Oh Crap a Data Breach!

How do you quantify the true cost of a data breach? How do you measure the costs against the benefits of eliminating risks, mitigating risks or accepting risks to your business effectively? The Lazarus Alliance executive leadership team has been the proverbial tip of the spear within the proactive cyber security realm well before there… Read More

Privacy Piracy Host, Mari Frank, Esq. Interviews Michael Peters

PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS MICHAEL PETERS MONDAY AUGUST 25TH, 2014, AT 8AM PACIFIC TIME ON KUCI 88.9 FM IN IRVINE AND STREAMING ON WWW.KUCI.ORG   MICHAEL PETERS will discuss the following topics and more! Lazarus Alliance Information Security Biggest Threat to our Global Community Don’t miss this fascinating interview with MICHAEL PETERS !   Here’s some background information about this… Read More

The Inmates are Running the Asylum: Why Cyber-criminals are Winning.

I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just… Read More