The New Social Security: When Social Media Meets Social Engineering

The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been… Read More

Reasonable Duty of Care: Data Security and Privacy

You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More

The Future of the Security Executive?

I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration… Read More

The HORSE Project has an app!

Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app. Now there is an Android app to help you take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play… Read More

Re-Post: C-Suite Slipping on Information Security, Study Finds

The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More

Information Security By the Numbers

The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More

2012 Louisville Metro InfoSec Conference

I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More

Risk Management CPM Model

I recently wrote an article about IT risk management and created several illustrations. One in particular stands by itself in terms of depicting a holistic view of the whole risk management life cycle in a critical path method model which I thought would be worth sharing. It would be useful to your ISO 27005 or… Read More

The PCI Challenge

It is frequently in the news.  Reports have been written.  Punitive and compensatory damages have been awarded.  Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More

Juris Doctor 135-143 of 161: The Geek Shall Inherit the Universe

Cyber-espionage and Cyber-warfare poses the greatest threat to our society today. No longer are massive militarized forces with the most advanced weaponry the force to fear. The forces to be feared now are computer geeks. A single person or just a few cyber-savvy individuals working together as a team now possess the power to bring… Read More

Gearing Up for the Holidays? So Are Cyber-Criminals

Article Reprint: http://risnews.edgl.com/retail-best-practices/Gearing-Up-for-the-Holidays–So-Are-Cyber-Criminals40304 The holidays typically are the peak season for merchants. Yet at such a critical time of year many retailers still leave themselves vulnerable to significant e-commerce fraud – and the corresponding lost revenue and damaged brand reputation — because they don’t enforce or implement information security best practices throughout the year. While… Read More