With any emerging information technology, particularly those that interweave financial transactions, such as commerce and banking, one of the first concerns should be security. With an exponentially increasing number of consumers using mobile payment technologies, there is increased scrutiny of the precautions retailers are taking to guard these transactions. For retailers with mobile commerce sites… Read More
Domestic Terrorism
According to a recent analysis conducted by Akamai, out of the all the cyber-attacks observed originating from the 209 unique countries around the world identified, the United States was the top attack traffic source, accounting for 12% of observed attack traffic in total. Russia and China held the second and third place spots respectively, accounting… Read More
How E-Commerce Apps Are Putting Your Site at Risk
Article Reprint: http://www.ecommercetimes.com/story/How-E-Commerce-Apps-Are-Putting-Your-Site-at-Risk-70964.html?wlc=1286281687&wlc=1286300892 Many developers do not overlook security on purpose; it’s just that the focus is usually on feature and functionality, not the nuts and bolts of building a secure software application. These technical oversights can leave a relatively easy opening for attackers to leverage. Cross-site scripting or data source injection are the most… Read More
Gearing Up for the Holidays? So Are Cyber-Criminals
Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More
Certified in Risk and Information Systems Control (CRISC)
I’ve received a Certified in Risk and Information Systems Control (CRISC) certification number of 1000201. I personally believe that the CRISC will be the industry standard for risk management just as the CISSP has been for information security practitioners. I certainly recommend pursuing this certification.
Juris Doctor 85 of 215
So I’ve been spending a bit of time with the Federal Rules of Civil Procedure and I of course look for connections to the activities I’m involved in such as my day job as Chief Information Security Officer. A trend that I’ve commentated upon heavily over the past two years concentrates on what is being… Read More
Weekly Digest for April 29th
mdpeters New blog post: Weekly Digest for April 22nd https://michaelpeters.org/?p=1451 [obDADkenobi]. mdpeters posted 2 items. IT Change Management It-governance mdpeters posted 9 items. Microsoft Operations Framework ISO 20000 Change control ISO 20000 Microsoft Operations Framework IT Change Management Microsoft Operations Framework ISO 20000 File:MOF-all.gif mdpeters New blog post: Persistent Blogging 3.0 https://michaelpeters.org/?p=1456 [obDADkenobi]. mdpeters is… Read More
is reminding information secur…
is reminding information security practitioners to participate in the SecTools.Org 2010 User Survey which closes at …http://nmap.org/survey/
Emerging trend or merging trend? I think so!
I’ve been conducting a new job search and what very is interesting to me, and should also be to any job seeker or person who is interested in maintaining their competitive edge, is a noticeable increase in the basic required qualifications and especially the preferred qualifications listed in most job postings. In part I am… Read More
National Office for Cyberspace and H.R. 4900
A funny thing happened along the way while I was busy revising and adding content to the HORSE Wiki. My focus last week was primarily on Federal guidance such as NIST special publications and FISMA guidelines. Well apparently there are more folks tuned into that station it turns out when a very close government colleague… Read More
HORSE Project Wiki is now on Linkedin.com
The Holistic Operational Readiness Security Evaluation, also known as the HORSE Project, is now on Linkedin.com. The original wiki is now over four years in production and continues to be a great resource. Participants benefit from potentially earning CPE credits when they write original page plus contributions to the wiki. It also looks great on… Read More
ISSA Senior Member Nomination
I was humbled and honored to be nominated by the Board of Directors of the Kentuckiana ISSA chapter in Louisville Kentucky for ISSA Senior Member. I’ve been out of the Kentuckiana territory for a number of years to be the Chief Information Security Officer for Colonial Bank (Now BB&T Bank). I’ve been a member of… Read More
Need business to technology al…
Need business to technology alignment, information security, risk management, or some form of expert technology leadership? Look no further.
Like a rocket
A good business colleague and friend once told me, “Dude, you just took off like a rocket!” This comment was made just a few years following my departure from the same company he remained in employment with. In just a few short years I went from being a peer with a similar resume and similar… Read More
Fifth Third Processing Solutio…
Fifth Third Processing Solutions in Cincinnati is looking for Information Security Architects to join the team NOW!
Power of Productivity
As a security practitioner, it is incumbent upon my kind to become a business enabler, and not an obstacle. There is an intelligent balance between appropriate security and business productivity that we must work towards. This involves a give-and-take culture be established. Information security must bring about awareness to the business masses with thoughtful solutions… Read More
FTPS is hiring the best and br…
FTPS is hiring the best and brightest! Opportunities for information security, physical security practitioners. Agencies need not respond.
Crown Jewels and Encryption Opportunities
As long as there is a need to accept, transmit and store personal and financial information, organized criminals and other self-righteous entities will attempt to breach the caretaker’s enterprise to obtain this information. Mastering the art and science of information security is an elusive quest. Few will ever achieve their goal. Few will ever reach… Read More
Juris Doctor 60 of 215
It’s been sixty weeks since I embarked on this educational adventure. Tomorrow will be a milestone day. I’ll sit for eight hours while I work my way through the California Bar Association’s First Year Law School Student Examination. Classes start back up in January and will continue for three more years. I am enjoying the… Read More
Juris Doctor 59 of 215
I’m clearly behind in my blogging activity in general. It has been a whirlwind two weeks getting settled, comfortably I might add, into my new position as Chief Security Officer for Fifth Third Processing Solutions. An interesting and fortuitous event occurred during my first week on the job. Execurtive leadership added physical security to my job… Read More
CSO at Fifth Third Processing Solutions
We are on the move! I’ve accepted and am very excited about joining Fifth Third Processing Solutions, a joint partnership between Advent International and Fifth Third Bank. I will be their Chief Security Officer leading the Information Security and Physical Security departments and based in Cincinnati Ohio. I resigned my position with BB&T, formerly Colonial… Read More
Changes are Coming: Electronically Stored Information
I’ve been doing a bit of research into the subpoena, search, custody, and disposal of electronically stored information (ESI). Part of this comes in the normal course of doing business as a Chief Information Security Officer, while part comes from my natural passions for information security and the law. The reality that casting a wide… Read More
Daily Digest for September 2nd
mdpeters @CDMmedia looking for Cloud Computing standards? Check out opencloudconsortium.org. Don’t relegate security to the dust bin, get educated! [#]. mdpeters Cloud Computing: Would you go to your wedding without knowing who is under the vail? Know your potential SaaS provider intimately first. [#]. mdpeters New blog post: Enclaves of Technical Excellence https://michaelpeters.org/?p=786 [#]. mdpeters… Read More
Thriving and surviving in an e…
Thriving and surviving in an economic downturn: it is a good time to be in information security.