Part 1: Risk and Security in Modern Systems “Risk “is a term gaining real traction in any industry where cybersecurity regulations impact businesses. Many frameworks and regulations are turning to risk management as a proactive and comprehensive approach to security management. This shift can mean big changes for enterprises that aren’t generally considering risk as… Read More
The Internal Revenue Service is one of the largest and most essential federal government agencies… which means that there is a lot of opportunity for third-party contractors and managed service providers to offer products to support its mission. It also means that these contractors will be expected to adhere to security standards, specifically those outlined… Read More
Following the continuous rage of the COVID-19 pandemic, organizations face a difficult task to secure the workload and devices of the employees scattered around the world. As a home has become the new office, it unveiled serious organizational cybersecurity gaps. Experts say that simply installing antivirus software or encrypting traffic on a company-issued MacBook is… Read More
Corporate compliance is a major undertaking for a few reasons–IT systems become complex, work forces grow to hundreds of individuals with different levels of access to information and public corporations must file difficult financial and security attestations annually to prevent fraud. One of the essential forms of financial and IT compliance for publicly-traded companies in… Read More
NIST proposes a Secure Software Development Framework to address software supply chain attacks Applying software updates and patches as soon as possible is a cyber security best practice, but what if an update contains malicious code inserted by a hacker? Software supply chain attacks are a serious and growing problem for both private-sector organizations and… Read More
My career has been and adventure along the scenic route speaking conservatively which I rarely do. My number one goal is to be the best example for what I choose to focus my attention on. I rose in the corporate ranks pretty quickly and helped define what it really means to be a Chief Information… Read More
I’m honored to be invited to EC-Council’s TakeDownCon keynote speaker for the 2015 event. TakeDownCon brings together information security researchers and technical experts from corporate to underground industries, to a unique “Ethical Hacking” conference. In two days, they will present and debate the latest security threats, disclose current vulnerabilities, and share information crucial to the… Read More
Updated May 4, 2019 Privacy Policy As set forth in Lazarus Alliance’s Global Code of Conduct: “We respect the confidentiality and privacy of our clients, our people and others with whom we do business”. It is the Privacy Policy of Lazarus Alliance to comply with the requirements of the General Data Protection Regulation (GDPR) and… Read More
A disturbing trend is emerging within the service provider space of cloud services in the form of deceptive spin doctoring and outright deceptions in plain site. If you are a consumer of any of the plethora of services available and seeking to potentially enlist the services of the myriad of contending vendors, it behooves you to… Read More
In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we voluntarily add our behavioral attributes to the associated handlers of our digital DNA almost entirely without consideration for personal privacy. We will review… Read More
While pondering the recent Target and Neiman Marcus breaches and many of those that have come before, I cannot help myself but to look for common denominators. If you compare these companies to your house, there are doors and windows that allow movement into and out of those houses. If you open a window and it… Read More
We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements.… Read More
I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For… Read More
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace concerning employees with strong personal brands and potential conflicts with corporate needs and expectations. The original article is here: Personally, I considered it an excellent thought-provoking article! It points… Read More
The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly… Read More
Midwest Book Review’s Editor-in-Chief Jim Cox writes: “Along with the general economy, the job market crash that began in 2008 and which is starting to recover some four years later is still highly competitive and highly volatile. This is as true for executive level corporate officer as it is for the industrial line worker. Drawing… Read More
Have you ever wondered what happens to all those queries given to SIRI or IRIS on your smartphones? Millions of people should be concerned and so should public and private sector organizations. For those of you who are not up to speed on what SIRI or IRIS is, I’ll explain. Basically, they are two applications… Read More
Logan, Midwest Book Review writes: “Along with the general economy, the job market crash that began in 2008 and which is starting to recover some four years later is still highly competitive and highly volatile. This is as true for executive level corporate officer as it is for the industrial line worker. Drawing upon his… Read More
Elections for the 2012 International Board of Directors are now going on! I am a candidate for the two-year term and I would appreciate your vote as an ISSA member in good standing. There are 13 candidates vying for 5 director positions. About Me I have been an independent information security consultant, executive, researcher, author, and… Read More
I had the pleasure of being invited to Macon State College for an information security presentation to a great group of students and professors. We had a lively discussion about the three facets of The Security Trifecta: Governance, Technology, and Vigilance. One of the things I enjoy most are the creative minds that represent the… Read More
Securing the C Level: Getting, Keeping or Reclaiming that Executive Title ISBN-13: 978-1467968829 ISBN-10: 146796882X ISBN-eBook: 978-1-62112-227-2 Want the E-PUB E-Book version instantly? Get it here: [wp_eStore:product_id:1:end] Now on Amazon and other book store locations! In the news! PR NewsChannel Homepage CBS Marketwatch CBS Chicago Daily Herald – Suburban Chicago Business Insider WLS Chicago TV… Read More
Recent headlines said, “Network ransacked in huge brute-force attack” (Source: The Register) and “Hackers break SSL encryption used by millions of sites” (Source: Huffington Post) among many other security and privacy news that fill the news outlets every time I look and listen. The problem is not some new phenomenon, but one that continues to… Read More
On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More