Gearing Up for the Holidays? So Are Cyber-Criminals

Article Reprint: The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation – because they don’t enforce or implement information security best practices throughout the year. While…

So I’ve been spending a bit of time with the Federal Rules of Civil Procedure and I of course look for connections to the activities I’m involved in such as my day job as Chief Information Security Officer. A trend that I’ve commentated upon heavily over the past two years concentrates on what is being…

Social Networks and Social Engineering

I’ve commented occasionally about social networking sites and appropriate content posted therein. I’ll share an article I read on a favorite news site. It is an amazing abuse of authority in my opinion. It also demonstrates the hazards of what could happen when low-tech mentality bludgeons high-tech. Original URL: US city demands FaceSpaceGooHoo log-ins…

Loose Lips, Sink Ships.

A very common mistake made by employers is to allow an employee investigation to become so informal and disorganized that managers and employees learn about the nature of an investigation. The individual(s) who learn of such facts directly or through the rumor mill often relay embellished or false facts about the employee under investigation. With…

Policies, Standards, and Guidelines, Oh My!

My pet project for the past three years has been the Holistic Operational Readiness Security Evaluation wiki, otherwise known as the HORSE Project. In addition to some great audit guidance, security advice, tools, etc., there is a full complement of policies to use as boilerplates for any organization. Find it all here: It…