Uninsured – Underinsured Information Highway Motorists

On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More

The PCI Challenge

It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More

New PCI Data Security Standards for Cloud Compliance

The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:

What’s in a name?

Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you. In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information… Read More

How E-Commerce Apps Are Putting Your Site at Risk

Article Reprint: http://www.ecommercetimes.com/story/How-E-Commerce-Apps-Are-Putting-Your-Site-at-Risk-70964.html?wlc=1286281687&wlc=1286300892

Many developers do not overlook security on purpose; it’s just that the focus is usually on feature and functionality, not the nuts and bolts of building a secure software application. These technical oversights can leave a relatively easy opening for attackers to leverage. Cross-site scripting or data source injection are the most… Read More

Gearing Up for the Holidays? So Are Cyber-Criminals

Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304

The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation – because they don’t enforce or implement information security best practices throughout the year. While… Read More

Weekly Digest for April 22nd

mdpeters New blog post: Weekly Digest for April 15th https://michaelpeters.org/?p=1419 [obDADkenobi]. mdpeters posted . mdpeters New blog post: Beef Stew https://michaelpeters.org/?p=1422 [obDADkenobi]. mdpeters is completing his application package for ISACA’s – Certified in Risk and Information Systems Control (CRISC) certification. [obDADkenobi]. mdpeters posted User:Firemedic510. mdpeters New blog post: The IT-Legal Liaison Role: A (Very) Small… Read More

Weekly Digest for April 1st

mdpeters New blog post: Weekly Digest for March 25th https://michaelpeters.org/?p=1370 [obDADkenobi]. mdpeters posted User:Imfrom51. mdpeters posted . mdpeters posted 5 items. Risk management plan File:ITRM-Lifecycle.jpg Compliance Risk management plan FISMA mdpeters New blog post: Now Reading: Irrefutable Laws of Leadership – 3 https://michaelpeters.org/?p=1376 [obDADkenobi].

A horse by any other name ….

If I were to be asked by anyone which volunteer activity I am most proud of, it would be my brain-child pet project known globally as the HORSE Project. The Holistic Operational Readiness Security Evaluation (HORSE) project has been a four-year commitment to the education, enlightenment, collaboration, knowledge sharing, and awareness of the global… Read More

The lines are blurring

The legal profession, in one form or another, has existed for thousands of years. As with any activity, experience and practice help us become more proficient, more accurate, more profound. Information security and regulatory activities are relative newcomers in the holistic picture. These pursuits also require vigilance and practice. An interesting phenomenon I believe is… Read More

Incorporation

The former Lazarus Alliance Incorporated is being reorganized as Lazarus Alliance LLC. The corporate focus will continue to be Information Security and Compliance consulting services, but we will gradually be adding Legal services. In time, I intend to offer premier comprehensive international services focused upon information security. Basically, lawyers who are actually technically savvy. The… Read More