On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries as well, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:
Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you. In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information… Read More
Article Reprint: http://www.ecommercetimes.com/story/How-E-Commerce-Apps-Are-Putting-Your-Site-at-Risk-70964.html?wlc=1286281687&wlc=1286300892 Many developers do not overlook security on purpose; it’s just that the focus is usually on feature and functionality, not the nuts and bolts of building a secure software application. These technical oversights can leave a relatively easy opening for attackers to leverage. Cross-site scripting or data source injection are the most… Read More
Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More
mdpeters New blog post: Weekly Digest for April 15th https://michaelpeters.org/?p=1419 [obDADkenobi]. mdpeters posted . mdpeters New blog post: Beef Stew https://michaelpeters.org/?p=1422 [obDADkenobi]. mdpeters is completing his application package for ISACA’s – Certified in Risk and Information Systems Control (CRISC) certification. [obDADkenobi]. mdpeters posted User:Firemedic510. mdpeters New blog post: The IT-Legal Liaison Role: A (Very) Small… Read More
mdpeters New blog post: Weekly Digest for March 25th https://michaelpeters.org/?p=1370 [obDADkenobi]. mdpeters posted User:Imfrom51. mdpeters posted . mdpeters posted 5 items. Risk management plan File:ITRM-Lifecycle.jpg Compliance Risk management plan FISMA mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 3 https://michaelpeters.org/?p=1376 [obDADkenobi].
If I were to be asked by anyone which volunteer activity I am most proud of, it would be my brain-child pet project known globally as the HORSE Project. The Holistic Operational Readiness Security Evaluation (HORSE) project has been a four year commitment to the education, enlightenment, collaboration, knowledge sharing, and awareness of the global… Read More
The legal profession, in one form or another, as existed for thousands of years. As with any activity, experience and practice helps us become more proficient, more accurate, more profound. Information security and regulatory activities are relative newcomers in the holistic picture. These pursuits also require vigilance and practice. An interesting phenomenon I believe is… Read More
The former Lazarus Alliance Incorporated is being reorganized as Lazarus Alliance LLC. The corporate focus will continue to be Information Security and Compliance consulting services, but, we will gradually be adding Legal services. In time, I intend on offering premiere comprehensive international services focused upon information security. Basically, Lawyers who are actually technically savvy. The… Read More
I was honored to be interviewed by Jeff Combs of Alta Associates for an article in the September 2008 ISSA Journal. We discussed the blurring lines between information security, law, and compliance at it relates to technology.