A Decade of SOX: Knowledge is your friend; Ignorance is your enemy

We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements.… Read More

In Harm’s Way: The CISO’s Dangerous Tour of Duty

I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For… Read More

Buyer Beware

Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last… Read More

Dichotomy

  As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two… Read More

My comments about Virtuport and MENA ISC 2012.

Several exceptional facets of MENA ISC 2012 became quite apparent to me during my attendance and participation in the Middle East North Africa Information Security Conference. First, what a truly impressive assembly of international security experts and delegates. People attending were engaged, inquisitive, and very collaborative which is a vital component in mastering the global… Read More

What’s in a name?

Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you.  In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information… Read More

Juris Doctor 120 of 161 – AKA Beer Breach

I have a natural passion for keeping people safe and secure as many of you know. I also have a real passion for technology law which might be evidenced by the doctoral pursuit in law. I also follow the news looking for cases that have been adjudicated and what the verdict or in most cases,… Read More

Domestic Terrorism

According to a recent analysis conducted by Akamai, out of the all the cyber-attacks observed originating from the 209 unique countries around the world identified, the United States was the top attack traffic source, accounting for 12% of observed attack traffic in total. Russia and China held the second and third place spots respectively, accounting… Read More

How E-Commerce Apps Are Putting Your Site at Risk

Article Reprint: http://www.ecommercetimes.com/story/How-E-Commerce-Apps-Are-Putting-Your-Site-at-Risk-70964.html?wlc=1286281687&wlc=1286300892 Many developers do not overlook security on purpose; it’s just that the focus is usually on feature and functionality, not the nuts and bolts of building a secure software application. These technical oversights can leave a relatively easy opening for attackers to leverage. Cross-site scripting or data source injection are the most… Read More

Gearing Up for the Holidays? So Are Cyber-Criminals

Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More

Juris Doctor 85 of 215

So I’ve been spending a bit of time with the Federal Rules of Civil Procedure and I of course look for connections to the activities I’m involved in such as my day job as Chief Information Security Officer. A trend that I’ve commentated upon heavily over the past two years concentrates on what is being… Read More

ISSA Senior Member Nomination

I was humbled and honored to be nominated by the Board of Directors of the Kentuckiana ISSA chapter in Louisville Kentucky for ISSA Senior Member. I’ve been out of the Kentuckiana territory for a number of years to be the Chief Information Security Officer for Colonial Bank (Now BB&T Bank). I’ve been a member of… Read More