A Decade of SOX: Knowledge is your friend; Ignorance is your enemy

We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements.… Read More

The Truth about ID Theft: No fear mongering, no snake oil, just simple advice.

After years of advising corporations, investment firms and being directly involved with helping people understand what identity theft is and making recommendations on how they might thwart criminals from turning them into victims. I decided to revisit the topic and share a simple checklist approach to prevent identity theft. With just a few simple steps… Read More

In Harm’s Way: The CISO’s Dangerous Tour of Duty

I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For… Read More

The Security Trifecta – Governance Made Easy: CISO Executive Summit Keynote

The CISO Executive Summit 2013 – Minneapolis I enjoyed delivering the closing keynote at the CISO Executive Summit this year and getting the opportunity to collaborate, strategize and even in some cases, commiserate with my information security comrades from across the industry. The good folks at Evanta organized the event with direction from the event’s… Read More

The Inmates are Running the Asylum: Why Cyber-criminals are Winning.

I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just… Read More

Reasonable Duty of Care: Data Security and Privacy

You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More

Information Security By the Numbers

The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More

Possible Implications of FCRA Actions?

On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers… Read More

Uninsured – Underinsured Information Highway Motorists

On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries as well, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More

Shot Down in Flames! – That ROI for security or litigation is in jeopardy.

  The Return on Investment, aka ROI, is an essential financial measurement for any business venture and one that must be positive, or at least neutral, in order to demonstrate the viability of the proposition being examined. There are certain essential business functions however that does not provide a return on your investment; and two… Read More

Would you buy a car without seat belts?

Recent headlines said, “Network ransacked in huge brute-force attack” (Source: The Register) and “Hackers break SSL encryption used by millions of sites” (Source: Huffington Post) among many other security and privacy news that fill the news outlets every time I look and listen. The problem is not some new phenomenon, but one that continues to… Read More

The Death of Privacy?

Today, I propose we declare the death of privacy. In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost… Read More

Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe

Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More

HORSE Project Wiki is now on Linkedin.com

The Holistic Operational Readiness Security Evaluation, also known as the HORSE Project, is now on Linkedin.com. The original wiki is now over four years in production and continues to be a great resource. Participants benefit from potentially earning CPE credits when they write original page plus contributions to the wiki. It also looks great on… Read More

Crown Jewels and Encryption Opportunities

As long as there is a need to accept, transmit and store personal and financial information, organized criminals and other self-righteous entities will attempt to breach the caretaker’s enterprise to obtain this information. Mastering the art and science of information security is an elusive quest. Few will ever achieve their goal. Few will ever reach… Read More

Cloud Computing: Part 2

Internet information exchange and commerce has matured to the point that we cannot imagine how we would run our businesses without technology anymore. We have created elaborate systems and constructed solid disaster recovery and business continuity mechanisms to protect our digital assets. Until recently, these Internet facing systems have resided on dedicated computers that we… Read More

Incorporation

The former Lazarus Alliance Incorporated is being reorganized as Lazarus Alliance LLC. The corporate focus will continue to be Information Security and Compliance consulting services, but, we will gradually be adding Legal services. In time, I intend on offering premiere comprehensive international services focused upon information security. Basically, Lawyers who are actually technically savvy. The… Read More