I’m honored to be invited as a keynote speaker for EC-Council’s TakeDownCon 2015. TakeDownCon brings together information security researchers and technical experts from corporate to underground communities at a unique “Ethical Hacking” conference. In two days, they will present and debate the latest security threats, disclose current vulnerabilities, and share information crucial to the…
Low-Hanging Fruit Anyone? Why cyber-criminals are looking for you.
Cyber-crime is largely a crime of opportunity. Just as a burglar cases the neighborhood looking for easy pickings, cyber-criminals case the Internet looking for victims who make it easy to steal from them, or from the companies they lead or belong to. By adhering to the Security Trifecta® and implementing a proactive cyber security strategy based in…
Looking back on 2014
Looking back on the past year, I have a lot to be thankful for, and I think it’s important to share appreciation with those who have made an impact along the way. There has been so much growth both personally and professionally this year that I wonder where 2014 actually went! The highlights and Oscar-like accolades…
The New Social Security: When Social Media Meets Social Engineering
The convergence is upon us all: this influx of technology, intermingled with information, is now infused in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Our social spheres and human interpersonal interactions have all been…
Survival Guidance! Resource for SSAE 16 SOC 2 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com are making our auditor’s resource for assessing procedural and technical controls free. This is a resource based on the SSAE 16 SOC 2 framework that you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just…
Survival Guidance! Resource for SSAE 16 SOC 1 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com are making our auditor’s resource for assessing procedural and technical controls free. This is a resource based on the SSAE 16 SOC 1 framework that you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just…
Survival Guidance! FedRAMP and FISMA Resource for Assessing the Security Controls in Federal Information Systems and Organizations
Survival Guidance! MichaelPeters.org and LazarusAlliance.com are making our auditor’s resource for assessing the security controls in federal information systems and organizations free. This is a resource based on the NIST 800-53A framework that you may freely use to conduct your organization’s FedRAMP, HIPAA or best-practice-based security audits. Your results are private and the output…
The Security Trifecta – Governance Made Easy: CISO Executive Summit Keynote
The CISO Executive Summit 2013 – Minneapolis. I enjoyed delivering the closing keynote at the CISO Executive Summit this year and getting the opportunity to collaborate, strategize and, in some cases, even commiserate with my information security comrades from across the industry. The good folks at Evanta organized the event with direction from the event’s…
Download Premium Content: Governance Documentation and Information Technology Security Policies Demystified
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to the premium content that supports the book, available for free download. To access this content, do the following:
The HORSE Project has an app!
Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app, so you can take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play…
PenTest Magazine: The Security Trifecta – IT Security Governance Demystified
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Thank You CSO Magazine Online!
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified, which may be found here: CSO Magazine Online. I couldn’t think of a better place for…
Re-post: Your Employee Is an Online Celebrity. Now What Do You Do?
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace: employees with strong personal brands and potential conflicts with corporate needs and expectations. The original article is here: Personally, I considered it an excellent, thought-provoking article! It points…
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the…
Possible Implications of FCRA Actions?
On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers…
1 MILLION PLUS VIEWS!
I’m excited to announce that the Holistic Operational Readiness Security Evaluation (HORSE) project wiki has surpassed the 1 million mark in page views by subscribers like you. If you don’t know what the HORSE Project is, browse on over to the site and see why it is one of the best, freely available authorities in…
The Death of Privacy?
Today, I propose we declare the death of privacy. In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the handlers of our digital DNA almost…
David (Michael) v. Goliath (Register.com)
I have several domain names registered. Over the years, the registrars I’ve used have changed at times, driven largely by competitive parking prices. A domain is very much like an automobile. You make a visit to the dealership (registrar) and purchase the vehicle of choice. You make regular payments and enjoy your…
New PCI Data Security Standards for Cloud Compliance
The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:
National Office for Cyberspace and H.R. 4900
A funny thing happened along the way while I was busy revising and adding content to the HORSE Wiki. My focus last week was primarily on Federal guidance such as NIST special publications and FISMA guidelines. Well, it turns out there are more folks tuned into that station than I thought, as I learned when a very close government colleague…
HORSE Project Wiki is now on Linkedin.com
The Holistic Operational Readiness Security Evaluation, also known as the HORSE Project, is now on Linkedin.com. The original wiki is now over four years in production and continues to be a great resource. Participants benefit from potentially earning CPE credits when they write original pages and contribute to the wiki. It also looks great on…
A horse by any other name ….
If I were to be asked by anyone which volunteer activity I am most proud of, it would be my brain-child pet project known globally as the HORSE Project. The Holistic Operational Readiness Security Evaluation (HORSE) project has been a four year commitment to the education, enlightenment, collaboration, knowledge sharing, and awareness of the global…
Crown Jewels and Encryption Opportunities
As long as there is a need to accept, transmit and store personal and financial information, organized criminals and other self-righteous entities will attempt to breach the caretaker’s enterprise to obtain this information. Mastering the art and science of information security is an elusive quest. Few will ever achieve their goal. Few will ever reach…
Juris Doctor 37 of 215
The network has been fixed, upgraded, migrated, and virtualized. Nothing brings about change better and faster than catastrophe. I have been virtualizing and consolidating my network from thirty servers on five network segments down to five servers on three segments. I pulled four racks out of my data room and now have one. On the…