Information Security By the Numbers

The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More

Embargo to Espionage: A Cursory Review of the Shamoon Virus

There has been very little coverage about a new usage of the latest class of cyber-weapons, specifically one dubbed the Shamoon Virus. The most likely reason for this is that it did not affect western interests more so than it did middle-eastern state interests. Specifically, the sabotage of computers at state oil giant Saudi Aramco… Read More

2012 Louisville Metro InfoSec Conference

I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More

Dichotomy

  As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two… Read More

Symbiotic Mutualism: A BYOD Love Story

The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly… Read More

Possible Implications of FCRA Actions?

On August 8, 2012, the Federal Trade Commission settled with HireRight Solutions, Inc. (“HireRight”) for failure to comply with certain Fair Credit Reporting Act (“FCRA”) requirements. According to the FTC’s complaint, HireRight provides background reports on current and prospective employees to thousands of employers. These background reports contain public record information, including criminal histories. Employers… Read More

Risk Management CPM Model

I recently wrote an article about IT risk management and created several illustrations. One in particular stands by itself in terms of depicting a holistic view of the whole risk management life cycle in a critical path method model which I thought would be worth sharing. It would be useful to your ISO 27005 or… Read More

ISSA Hall of Fame recipient

Yesterday I received wonderful and humbling news from Kevin Richards, International President of the Information Systems Security Association that I’m being inducted into the ISSA Hall of Fame. In the realm of information security, this could probably be compared to the Hollywood Oscars. It is tremendously exciting and as I’ve mentioned, very humbling for me to… Read More

PCI – The Supermassive Small Merchant Black Hole

Existing in the commerce galaxy, the vast majority of merchants are doing “traveling” or business without proper safety controls or rather, information security controls in place. While I know of no single solution or silver bullet that can be purchased or leveraged to ensure absolute information security, there are many ways your store and customer… Read More

MENA ISC 2012 – The Security Trifecta™ – Day 2

The second day of MENA ISC 2012 was action packed with many great presentations. I had many engaging conversations with quite a few delegates. Discussing The Security Trifecta was of course a favorite topic of mine. What really matters was the overarching theme that was delivered by many speakers was in getting control of information… Read More

My comments about Virtuport and MENA ISC 2012.

Several exceptional facets of MENA ISC 2012 became quite apparent to me during my attendance and participation in the Middle East North Africa Information Security Conference. First, what a truly impressive assembly of international security experts and delegates. People attending were engaged, inquisitive, and very collaborative which is a vital component in mastering the global… Read More

MENA ISC 2012 – The Security Trifecta™

It’s off to Amman Jordan today to spend the week at the Middle East North Africa Information Security Conference (MENA ISC 2012) where I’ll be presenting The Security Trifecta: Information Security by the Numbers. The concept is an accessible and highly sustainable pragmatic approach toward achieving enterprise security; both physical and digital. The Security Trifecta… Read More

Macon State College – School of Information Technology

I had the pleasure of being invited to Macon State College for an information security presentation to a great group of students and professors. We had a lively discussion about the three facets of The Security Trifecta: Governance, Technology, and Vigilance. One of the things I enjoy most are the creative minds that represent the… Read More