I’m excited to announce that the Holistic Operational Readiness Security Evaluation (HORSE) project wiki has surpassed the 1 million mark in page views by subscribers like you. If you don’t know what the HORSE Project is, browse on over to the site and see why it is one of the best, freely available authorities in… Read More
Consumer Reality Check – Lifting the Veil on PCI DSS
I read an article entitled “Global Payments has some explaining to do” (Source: CSO) today and there were some interesting points made by Bill Brenner, managing editor of CSO. He asked specifically, “How on Earth were they designated PCI compliant in the first place? What were the specific actions they took to improve security and… Read More
CrossView CISO Publishes New Security Series
In the March 2012 edition of the CrossView Wire, among the many progressive features is news coverage about my latest book Governance Documentation and Information Technology Security Policies Demystified. CrossView is a premier provider of cross-channel commerce solutions and services that enable a smarter, more personalized shopping experience. Their software unifies the Web, stores, call… Read More
CISO Interview Series – Michael Peters
Interview with Tim Heard and InfoSec Institute. I had the honor and pleasure of being interviewed by Tim Heard for a new feature that InfoSec Institute is running called CISO Interview Series. The article may be found at InfoSec Institutes site. About the Author Tim Heard is the founder and president of eSearch Associates,… Read More
The Security Trifecta™: an introduction.
I was reading a news article this morning about another security debacle at NASA involving the theft of a laptop containing the command and control codes for some high-tech toys like the International Space Station. The thing that amazed me the most was not that NASA would be a high value target, but that… Read More
Failure to Communicate: Pending US Congressional Orwellian Bills Threaten the Internet
In the spirit of the holiday season, three wise men, actually law professors, following an analysis, are warning that the proposed intellectual property PROTECT IP (Source: PROTECT IP) and the Stop Online Piracy Act (SOPA) (Source SOPA) legislation, currently working their way through Congress, will damage the world’s DNS system, cripple attempts to get better… Read More
Are You Alert?
The world is full of information and it is becoming more transparent and more accessible to more people every day. This technological paradigm shift enables the individual and the organizational entities to discover more about another person or item of interest or even themselves. It becomes increasingly important to, where possible, control your digital spin.… Read More
Reputations
“Say it with roses, say it with mink, say it forever, then say it with hyper-link.” – Michael D. Peters
Uninsured – Underinsured Information Highway Motorists
On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries as well, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More
Shot Down in Flames! – That ROI for security or litigation is in jeopardy.
The Return on Investment, aka ROI, is an essential financial measurement for any business venture and one that must be positive, or at least neutral, in order to demonstrate the viability of the proposition being examined. There are certain essential business functions however that does not provide a return on your investment; and two… Read More
Would you buy a car without seat belts?
Recent headlines said, “Network ransacked in huge brute-force attack” (Source: The Register) and “Hackers break SSL encryption used by millions of sites” (Source: Huffington Post) among many other security and privacy news that fill the news outlets every time I look and listen. The problem is not some new phenomenon, but one that continues to… Read More
The Death of Privacy?
Today, I propose we declare the death of privacy. In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost… Read More
Getting rid of getbetterlinks
I noticed site content links being introduced through my Firefox browser today. Apparently a browser extension called Betterlinks had been added by Mozilla in the latest updates. Betterlinks supplies alternative locations for content that may be in competition with your site by influencing your searching. My rhetorical question for the day is “Who gets to… Read More
FTC Proposes Significant Changes to the Online Collection of Information from Children rule
The Federal Trade Commission (“Commission”) released on September 15, 2011, its long-awaited proposed amendments to its rule implementing the Children’s Online Privacy Protection Act (“COPPA Rule”). They are accepting comments until November 28, 2011. The Commission is proposing modifications to the COPPA Rule in three key facets:
Machinery
“Some people are just cogs in a machine while others are the machine.” – Michael D. Peters
Easiest way to breach a bank? Just hold-em-mop!
On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More
Expanding Security Breach Notification Requirements in California
A new amendment to California’s security breach notification law will raise the stakes for businesses required to give notice of a data security breach affecting California residents. California Senate Bill 24 (“SB 24”), signed by Governor Brown on August 31, 2011, imposes detailed new requirements for the content of security breach notices. Significantly, SB 24… Read More
Geolocational Privacy and Surveillance Act – First Blush
The law does not lead, it follows. Our system is very reactive in nature. It tends to change, without my surprise, like people generally do as a direct result to negative events or influences. Smokers quit following the heart attack and our legal system create laws based upon past events. GPS technology has been around… Read More
The PCI Challenge
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
Insecurity
If you think that absolute security exists you would be absolutely incorrect. Speaking as a security practitioner who has been in the business for as long as there has been a security business, I’ll tell you with a straight face that no technology system exists that is completely secure or one hundred percent impenetrable. The… Read More
Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe
Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More
Dropbox? More Like Dropball!
There has been a putative class action complaint filed on June 22, 2011, in the United States District Court, for the Northern District of California alleging that the popular cloud-based storage provider Dropbox, Inc. failed to secure its users’ private data or to notify the vast majority of them about a recent data breach. According… Read More
How do you transition your IT teams from a technology to business mindset?
It is incumbent upon the technology leadership, who should already have an excellent business grasp, mentor, demonstrate and illustrate what lines of activities comprise the essence of the company’s mission. Only then will the supporting staff be able to accurately support those business activities with an accurate technological layer. If the technology leader does not… Read More
New PCI Data Security Standards for Cloud Compliance
The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders: