I am definitely having fun with my Cyberspace Law class this term. The course concludes this December, so I have the rest of the year to immerse myself in a synergistic subject area. It is widely held that, in general, lawyers’ knowledge about computers, and the predictions they make about new technology, are highly likely to… Read More
Weekly Digest for July 1st
mdpeters New blog post: Weekly Digest for June 24th https://michaelpeters.org/?p=4405 [obDADkenobi]. mdpeters New blog post: Retail Execs – Social Media: The Argument For and Against! https://michaelpeters.org/?p=4443 [obDADkenobi]. mdpeters Blog Updates Retail Execs Social Media: The Argument For and Against! http://ow.ly/17RUW7 [obDADkenobi]. mdpeters Unsubscribe! ! [obDADkenobi]. mdpeters posted 2 items. User:Spat User:Spat mdpeters New blog post:… Read More
Weekly Digest for June 17th
mdpeters New blog post: Weekly Digest for June 10th https://michaelpeters.org/?p=2490 [obDADkenobi]. mdpeters Blog Updates Weekly Digest for June 10th – mdpeters Blog Updates The not-so-funny thing about passwords There is an… http://ow.ly/17GT8E [obDADkenobi]. mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 9 https://michaelpeters.org/?p=2628 [obDADkenobi]. mdpeters Blog Updates Now Reading: Irrefutable Laws of… Read More
Spin cycle
Social media has provided the conduit for any single human to broadcast any message potentially towards a global audience. Within the average twenty-four hour mainstream media cycle, the amateur media cycle occurs exponentially more rapidly. This kinetic potential encompasses the electronic globe in seconds. It has nothing to do with some technical savvy or ability… Read More
About Michael Peters
Michael Peters is the CEO of Lazarus Alliance, Inc., Continuum GRC, and the HORSE Project – Lazarus Alliance Foundation, Inc., and has served as an independent information security consultant, executive, researcher and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive… Read More
FedRAMP and Penetration Testing Guidance Updates in 2024
Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance targets organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements, and it addresses new attack vectors targeting subsystems in IT infrastructure. Here, we’ll cover this newest… Read More
What Is NIST 800-172 and Advanced Security Structures
The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of the security of federal and state IT systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on the advanced security controls listed in NIST Special Publication 800-172.
Incident Response and the Responsibility of Your Organization for Protecting Data
As the recent Ivanti security breaches indicate, a strong and effective incident response capability isn’t optional but a necessity. An incident response plan (IRP) is essential to prepare an organization to respond to any security incident effectively and on time. This plan spells out the processes an organization should follow in case… Read More
What Is Proactive Cybersecurity? Preparing for Threats Before They Strike
Modern cybersecurity is about more than just reacting to threats as they emerge. Adopting proactive cybersecurity measures is not just a strategic advantage; it’s an operational necessity that can spell the difference between business as usual and breaches that erode customer trust and shareholder value. Whether you’re a cybersecurity veteran or new to the domain,… Read More
What Are the Biggest Challenges to Cybersecurity in 2023?
As we navigate through 2023, the digital frontier continues to expand, bringing forth numerous novel opportunities and, regrettably, a myriad of cybersecurity threats. These cyber threats are not simply an IT concern; they have profound implications for business continuity, customer trust, and national security. Understanding these risks and their evolution is the first step in… Read More
GDPR Article 32 and the Security of Processing
The General Data Protection Regulation (GDPR) is one of the strongest security and privacy frameworks in operation anywhere in the world. Among its numerous provisions, Article 32 stands out because it deals explicitly with the “security of processing” of personal data. This piece aims to demystify GDPR Article 32, breaking down its requirements… Read More
What Is SOC 2 with Additional Subject Matter (SOC 2+)?
The Service Organization Control 2 (SOC 2) report has become, for many organizations and industries, the gold standard in security and integrity. While SOC 2 can be relatively comprehensive, more than the basic SOC 2 may be needed as regulatory and industry landscapes evolve. Enter SOC 2+, also known as a SOC 2 report with… Read More
What Does the HIPAA Security Rule Say About Mobile Computing?
With modern computing increasingly moving into a mobile paradigm of remote workers, laptops, and smart devices, the threat to security in various industries is only increasing. Nowhere is this more true than in healthcare, where HIPAA breaches related to mobile devices are becoming more common. This article will discuss the HIPAA Security Rule, how it… Read More
What Is NIST Special Publication 800-115 and What Does it Say About Penetration Testing?
As technology advances, the need for effective cybersecurity measures becomes increasingly important. The necessity for regular testing, including penetration testing, has raised awareness of best practices and standards for such assessments. The National Institute of Standards and Technology (NIST) has developed comprehensive guidelines and standards to help organizations safeguard their information systems from cyber threats… Read More
What Is the Lifecycle of an Advanced Persistent Threat?
Advanced Persistent Threats (APTs) are some of the most dangerous and persistent cyberattacks that organizations face today. Understanding the APT lifecycle is crucial for organizations looking to protect their sensitive data and networks against these attacks. The APT lifecycle consists of several stages: reconnaissance, initial compromise, establishing persistence, escalation of privileges, lateral movement, data exfiltration,… Read More
What Are Advanced Persistent Threats (APTs)?
Unlike traditional cyberattacks, advanced persistent threats are often carried out by well-funded and highly skilled threat actors who use a range of techniques to gain and maintain access to a target’s network and data for an extended period of time. As the number of APT attacks continues to rise, businesses of all sizes need to… Read More
What Is ISO 27018 and How Does it Apply to Cloud Providers?
ISO/IEC 27018 establishes commonly accepted control objectives to protect Personally Identifiable Information (PII), in line with the privacy principles in ISO/IEC 29100, for cloud providers offering public infrastructure and services. It is a critical document for providers seeking to establish the trustworthiness of their systems with their customers and clients. Learn more about ISO… Read More
What Is the Europrivacy Hybrid Certification Model?
GDPR has needed a centralized assessment and certification model for some time now. Still, with the plethora of certifications and standards covering different business contexts, there has yet to be a single approach that has risen to the top of the heap. However, the governing bodies of GDPR have authorized the new Europrivacy standard to… Read More
StateRAMP Requirements for Vulnerability Scanning
Ongoing maintenance and upkeep are a cornerstone of all cybersecurity regulations and frameworks. And for a good reason. The rapidly changing threat landscape that businesses and government agencies face daily necessitates an ever-vigilant approach to cybersecurity. Vulnerability scanning is an important part of compliance and security across almost every data-driven industry. Here, we’re discussing what StateRAMP… Read More
Timeline for PCI DSS 4.0: The Twelfth Requirement, Policies, and Programs
So, after a long journey, we’ve arrived at the twelfth and final requirement for PCI DSS 4.0. Last but certainly not least, this requirement emphasizes the need for creating, documenting, and implementing organization-wide security and compliance policies.
Timeline for PCI DSS 4.0: The Ninth Requirement and Physical Access Security
When thinking about cybersecurity, many stakeholders outside the industry will rarely consider the physical systems supporting digital information. And yet, almost any security framework worth its salt will have some provision for securing physical systems and environments. PCI DSS 4.0 is no different, and the ninth requirement is dedicated to just this topic. This article… Read More
Timeline for PCI DSS 4.0: The Sixth Requirement and Maintaining Secure Systems
Software, whether a local installation or a web application, carries the risk of attack. While phishing and other social engineering attacks are some of the most common forms of system breach, hackers still go after open vulnerabilities in software, whether due to bugs or misconfigured settings. That’s why the sixth requirement of the PCI… Read More
Cybersecurity and Malicious Software: A History of Malware
In the earliest days of what could be considered cybersecurity, the primary threats were malicious programs that would operate against the wishes of the machine and its operator. These programs, referred to as viruses, served as the progenitors of what we generally refer to in modern parlance as malicious software or “malware.” Because the long… Read More
Three Examples of PCI DSS Non-Compliance and What You Can Learn from Them
The public and private sectors have been increasingly under assault by hackers looking to take information, whether for espionage, blackmail, or profit. And while some of the past few years’ high-profile government and industrial attacks have been at the center of many cybersecurity stories, the reality is that hacks in the retail and consumer spaces have… Read More