Resistance is NOT Futile for Cyber Insurance Casualty Insurers.

If you think that the business general liability or even purpose built cyber insurance policies will cover you in the event of a cyber-security breach, it’s highly likely you are mistaken. In fact, it is in your carriers best business interest to deny your claim. Chances are the exemptions in your policy exclude coverage for… Read More

Low-Hanging Fruit Anyone? Why cyber-criminals are looking for you.

Cyber-crime is largely a crime of opportunity. Just like a burglar cases the neighborhood looking for easy pickings. Cyber-criminals case the Internet looking for victims who make it easier to steal from them, the companies they lead or belong to. By adhering to the Security Trifecta® and implementing a proactive cyber security strategy based in… Read More

Did you know that there are only four types of cyber security incidents?

My career has been devoted to both the art and the science behind information security. When I speak of the science, I am referring to the technology and the process we immerse ourselves into as we set about securing our organizations we are charged with protecting. When I speak about the art, I am referring… Read More

Do Cyber Security Breaches Determine Your Fate?

Over the past year we have seen corporate cyber security breaches decimating business value, killing companies and ending careers. Even at the highest levels within the largest corporations, no one is exempt from the damage a cyber security breach causes. Outside of traditional global war, never before have we experiences technological war quite like the… Read More

Cyber Security in the Rearview Mirror

Here are some interesting facts we have discovered after analyzing the 2014 security breach statistics. The number of U.S. data breaches tracked in 2014 hit a record high of 783 in 2014. This represents a substantial hike of 27.5 percent over the number of breaches reported in 2013 and a significant increase of 18.3 percent over the… Read More

Vicariously Leeching: beware of third-party crashers

A disturbing trend is emerging within the service provider space of cloud services in the form of deceptive spin doctoring and outright deceptions in plain site. If you are a consumer of any of the plethora of services available and seeking to potentially enlist the services of the myriad of contending vendors, it behooves you to… Read More

OSI Model Layer 8: The Carbon Layer

Just one of the many reasons my vocation and avocation is centered on information security is that things tomorrow will not be quite the same as they were today. There is always someone innovating out there for better or worse. I cannot imagine this challenge subsiding which is quite thrilling and for some, quite distressing. Any… Read More

The Death of Privacy: A Tale of Collusion and Corruption

In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost entirely without consideration for personal privacy. We will review… Read More

The New Social Security: When Social Media Meets Social Engineering

The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More

PenTest Magazine: The Security Trifecta – IT Security Governance Demystified

PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy! 

Information Security By the Numbers

The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More