Logan, Midwest Book Review writes: “Along with the general economy, the job market crash that began in 2008 and which is starting to recover some four years later is still highly competitive and highly volatile. This is as true for executive level corporate officer as it is for the industrial line worker. Drawing upon his… Read More
Meet the Candidate for Your ISSA International Board of Directors – Michael Peters
Elections for the 2012 International Board of Directors are now going on! I am a candidate for the two-year term and I would appreciate your vote as an ISSA member in good standing. There are 13 candidates vying for 5 director positions. About Me I have been an independent information security consultant, executive, researcher, author, and… Read More
PCI – The Supermassive Small Merchant Black Hole
Existing in the commerce galaxy, the vast majority of merchants are doing “traveling” or business without proper safety controls or rather, information security controls in place. While I know of no single solution or silver bullet that can be purchased or leveraged to ensure absolute information security, there are many ways your store and customer… Read More
MENA ISC 2012 – The Security Trifecta™ – Day 2
The second day of MENA ISC 2012 was action packed with many great presentations. I had many engaging conversations with quite a few delegates. Discussing The Security Trifecta was of course a favorite topic of mine. What really matters was the overarching theme that was delivered by many speakers was in getting control of information… Read More
My comments about Virtuport and MENA ISC 2012.
Several exceptional facets of MENA ISC 2012 became quite apparent to me during my attendance and participation in the Middle East North Africa Information Security Conference. First, what a truly impressive assembly of international security experts and delegates. People attending were engaged, inquisitive, and very collaborative which is a vital component in mastering the global… Read More
MENA ISC 2012 – The Security Trifecta™
It’s off to Amman Jordan today to spend the week at the Middle East North Africa Information Security Conference (MENA ISC 2012) where I’ll be presenting The Security Trifecta: Information Security by the Numbers. The concept is an accessible and highly sustainable pragmatic approach toward achieving enterprise security; both physical and digital. The Security Trifecta… Read More
Macon State College – School of Information Technology
I had the pleasure of being invited to Macon State College for an information security presentation to a great group of students and professors. We had a lively discussion about the three facets of The Security Trifecta: Governance, Technology, and Vigilance. One of the things I enjoy most are the creative minds that represent the… Read More
The Security Trifecta™: an introduction.
I was reading a news article this morning about another security debacle at NASA involving the theft of a laptop containing the command and control codes for some high-tech toys like the International Space Station. The thing that amazed me the most was not that NASA would be a high value target, but that… Read More
Books by Michael D. Peters
Securing the C Level: Getting, Keeping or Reclaiming that Executive Title ISBN-13: 978-1467968829 ISBN-10: 146796882X ISBN-eBook: 978-1-62112-227-2 Want the E-PUB E-Book version instantly? Get it here: [wp_eStore:product_id:1:end] Now on Amazon and other book store locations! In the news! PR NewsChannel Homepage CBS Marketwatch CBS Chicago Daily Herald – Suburban Chicago Business Insider WLS Chicago TV… Read More
Uninsured – Underinsured Information Highway Motorists
On the information freeway, the vast majority of the population is driving ninety miles per hour (144 KPH) without insurance; this includes business entities as well. In the United States, as in many other countries as well, the law dictates that a person possess a minimum level of automobile insurance to protect the financial stability… Read More
Shot Down in Flames! – That ROI for security or litigation is in jeopardy.
The Return on Investment, aka ROI, is an essential financial measurement for any business venture and one that must be positive, or at least neutral, in order to demonstrate the viability of the proposition being examined. There are certain essential business functions however that does not provide a return on your investment; and two… Read More
Easiest way to breach a bank? Just hold-em-mop!
On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More
The PCI Challenge
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe
Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More
Juris Doctor 130-133 of 161
I’ve thoroughly enjoyed Cyberspace Law over the past three weeks exploring subject matter in ISP Liability for Speech, Anonymous Communications in Cyberspace, and Content Regulation in Cyberspace. A particular facet I have derived more amusement from than normal is concerned with the concept of anonymity. From a technical perspective, true anonymity does not actually exist.… Read More
Juris Doctor 121-126 of 161
I’ve mentioned before that the focus of this doctoral program I am nearing completion with is focused on cyberspace law in the federal and international law sectors. There are a few things about what I have learned that are hysterical from my particular perspective. First, these technology courses I am participating in are really almost… Read More
What’s in a name?
Prior to April Fools’ Day, 2011, you probably had never heard of Epsilon Data Management, right? I’d wager, however, that this email marketing firm has heard of you. In excess of 250 million email account names were pirated from the marketing services firm, vaulting this to what may be the largest breach of personal information… Read More
Juris Doctor 120 of 161 – AKA Beer Breach
I have a natural passion for keeping people safe and secure as many of you know. I also have a real passion for technology law which might be evidenced by the doctoral pursuit in law. I also follow the news looking for cases that have been adjudicated and what the verdict or in most cases,… Read More
Juris Doctor 118-119 of 161
While I was doing some research on consumer protections in my Cyberspace Law class, I encountered the following policy that is certainly on the horizon for consumer protections. You can find the original press release here: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework, The Department of Commerce internet policy… Read More
Mobility Madness: Securely Extending Commerce to Mobile Users
With any emerging information technology, particularly those that interweave financial transactions, such as commerce and banking, one of the first concerns should be security. With an exponentially increasing number of consumers using mobile payment technologies, there is increased scrutiny of the precautions retailers are taking to guard these transactions. For retailers with mobile commerce sites… Read More
Domestic Terrorism
According to a recent analysis conducted by Akamai, out of the all the cyber-attacks observed originating from the 209 unique countries around the world identified, the United States was the top attack traffic source, accounting for 12% of observed attack traffic in total. Russia and China held the second and third place spots respectively, accounting… Read More
How E-Commerce Apps Are Putting Your Site at Risk
Article Reprint: http://www.ecommercetimes.com/story/How-E-Commerce-Apps-Are-Putting-Your-Site-at-Risk-70964.html?wlc=1286281687&wlc=1286300892 Many developers do not overlook security on purpose; it’s just that the focus is usually on feature and functionality, not the nuts and bolts of building a secure software application. These technical oversights can leave a relatively easy opening for attackers to leverage. Cross-site scripting or data source injection are the most… Read More
Gearing Up for the Holidays? So Are Cyber-Criminals
Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More
Certified in Risk and Information Systems Control (CRISC)
I’ve received a Certified in Risk and Information Systems Control (CRISC) certification number of 1000201. I personally believe that the CRISC will be the industry standard for risk management just as the CISSP has been for information security practitioners. I certainly recommend pursuing this certification.