Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last… Read More
Thank You CSO Magazine Online!
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here: CSO Magazine Online and I couldn’t think of a better place for… Read More
Updated: Privacy Concerns: Survey Says!
For those of you concerned about personal privacy and consumer protections, I posted an article back in September 2012 with analysis concerning mobility privacy and security concerns I had and you should too. There was some survey results and I also opened up a FCC complaint to initiate an investigation into my concerns. The article… Read More
Re-post: Your Employee Is an Online Celebrity. Now What Do You Do?
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace concerning employees with strong personal brands and potential conflicts with corporate needs and expectations. The original article is here: Personally, I considered it an excellent thought-provoking article! It points… Read More
Thanks for raising security awareness Bill Brenner!
I appreciate being mentioned on the CSO Magazine: Salted Hash – IT Security News column hosted by Bill Brenner here:
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
Digital Purgatory: Data Remains After Death
In the spirit of the upcoming Halloween season, I thought it a fine time to examine what happens to our digital lives after death. Few of us really consider our digital remains but I’d encourage you to do so for many reasons. Like our physical bodies, our electronic personifications serve no purpose to us once… Read More
Embargo to Espionage: A Cursory Review of the Shamoon Virus
There has been very little coverage about a new usage of the latest class of cyber-weapons, specifically one dubbed the Shamoon Virus. The most likely reason for this is that it did not affect western interests more so than it did middle-eastern state interests. Specifically, the sabotage of computers at state oil giant Saudi Aramco… Read More
2012 Louisville Metro InfoSec Conference
I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More
Dichotomy
As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two… Read More
Curiosity Skilled the Cat
“Curiosity is, in great and generous minds, the first passion and the last.” – Samuel Johnson. Put in more redneck terms “Look Y’all! Watch this!”
Symbiotic Mutualism: A BYOD Love Story
The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly… Read More
Privacy Concerns: Survey Says!
A recent survey by the Pew Research Center found that the majority of mobile phone users have uninstalled or avoided apps due to privacy concerns. According to the report: 54% of mobile users have decided to not install an app after discovering the amount of information it collect 30% of mobile users uninstalled an app… Read More
Possible Implications of FCRA Actions?
On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers… Read More
About Michael
ABOUT
RESOURCES
INDUSTRY CONTRIBUTIONS
HORSE WIKI: The Holistic Operational Readiness Security Evaluation wiki
Looking for the HORSE Project? Look no further! Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki. We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial… Read More
THE SECURITY TRIFECTA
The Security Trifecta An Introductory Review Information Security By the Numbers The Security Trifecta Methodology Briefings The Security Trifecta: Information Security By the Numbers The Security Trifecta: We are all in the Same Boat The Security Trifecta: Collaboration Vs. Isolation The Security Trifecta: Governance, Technology and Vigilance The Security Trifecta: Source Code, Application and Systems… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Multi-factor Mobility Method
A very compelling multi-factor authentication method for mobility by CheckSavvy has a ground-breaking opportunity. Secure Mobile Payments, Alerts & Discounts by CheckSavvy Payment alerts by cell phone with location-based discounts on entertainment, activities, dining, lodging, shopping & getting around in 60 major languages.
Editorial Reviews: Jim Cox
Midwest Book Review’s Editor-in-Chief Jim Cox writes: “Along with the general economy, the job market crash that began in 2008 and which is starting to recover some four years later is still highly competitive and highly volatile. This is as true for executive level corporate officer as it is for the industrial line worker. Drawing… Read More
Is Facebook Losing its Luster?
I’ve been trying out an opted-in email based campaign this month targeting University Teachers, Higher Education Teachers and Book Stores in the US with a simple message that includes links to the most common sources of information and purchasing options for one of my books, Governance Documentation and Information Technology Security Policies Demystified which makes… Read More