The development of AI has been a game-changer for nearly everyone, and that fact is no different in the world of cybersecurity. New threats powered by AI are reshaping traditional attack vectors, including cryptography, prevention, and social engineering. In this article, we’re discussing how, in the so-called AI Boom of 2023, cybersecurity is being shaped… Read More
Hello Payment Card Industry (PCI) Qualified Security Assessor (QSA)
I’m honored to be joining the Payment Card Industry (PCI) Qualified Security Assessor (QSA) ranks. Credit card fraud and identity theft will always be a problem and it seems we continue to be painfully more and more aware of just how often it is breached by cyber-criminals. If you would like to know more about what… Read More
Privacy Piracy Host, Mari Frank, Esq. Interviews Michael Peters
PRIVACY PIRACY HOST, MARI FRANK, ESQ. INTERVIEWS MICHAEL PETERS MONDAY AUGUST 25TH, 2014, AT 8AM PACIFIC TIME ON KUCI 88.9 FM IN IRVINE AND STREAMING ON WWW.KUCI.ORG MICHAEL PETERS will discuss the following topics and more! Lazarus Alliance Information Security Biggest Threat to our Global Community Don’t miss this fascinating interview with MICHAEL PETERS ! Here’s some background information about this… Read More
2014 Phoenix Security & Audit Conference
I’m looking forward to presenting The Death of Privacy: A Tale of Collusion and Corruption at the 2014 Phoenix Security & Audit Conference. In our technically advancing world, our personal privacy expectations must be reconsidered, re-conceived and redefined. We all expose ourselves through swipes, transactions, likes and tweets. Through handsets, television sets and mindsets, we… Read More
If You Ignore Security Vulnerabilities, They Go Away!
I was recently contacted by the CEO of an upstart company in the business health insurance space who wanted my company to enroll. While there were many compelling reasons to join forces with them, as any responsible executive would do, I wanted to know more about how my private data would be protected while in… Read More
Information Systems Security Association (ISSA) elections
The Information Systems Security Association (ISSA) elections for international leadership positions has now opened. I’m running for a Director position and I’m asking ISSA members to please vote for me. As a career security professional, ISSA Hall of Fame and Fellow recipient, I have received so much value from this not-for-profit, international organization of information security professionals… Read More
Dumb Luck: Why Security Breaches Are Like Playing Russian Roulette
“The future masters of technology must be light-hearted and intelligent. The machine easily masters the grim and the dumb.” Marshall McLuhan This quote has been a long standing personal favorite because it really illustrates on many levels the need to embrace the “Life Learner” concept; always pushing to enhance your own skill-set and capabilities. It… Read More
Human Nature – The Proverbial Thorn in the CISO’s Keaster!
While pondering the recent Target and Neiman Marcus breaches and many of those that have come before, I cannot help myself but to look for common denominators. If you compare these companies to your house, there are doors and windows that allow movement into and out of those houses. If you open a window and it… Read More
Too Many Targets! Why Target isn’t the only retailer poised for a breach.
Unless you have been living without a source for current news this week, you undoubtedly have heard the bad news about Target Corporation and how hackers breached the technological defenses and stole credit-card data for roughly 40 million customers. The media frenzy focused on Target Corporation has already spawned a dozen class-action lawsuits against the… Read More
Survival Guidance! Resource for SSAE 16 SOC 2 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the procedural and technical controls free. This is a resource based on the SSAE 16 SOC 2 framework you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just… Read More
Survival Guidance! Resource for SSAE 16 SOC 1 Readiness Audits
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the procedural and technical controls free. This is a resource based on the SSAE 16 SOC 1 framework you may freely use to conduct your organization’s readiness audits. Your results are private and the output is sent to you without charge. It’s just… Read More
Survival Guidance! FedRAMP and FISMA Resource for Assessing the Security Controls in Federal Information Systems and Organizations
Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for assessing the security controls in federal information systems and organizations free. This is a resource based on the NIST 800-53A framework you may freely use to conduct your organization’s FedRAMP, HIPAA or best practice based security audits. Your results are private and the output… Read More
Survival Guidance! Resource for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
HIPAA Survival Guidance! MichaelPeters.org and LazarusAlliance.com is making our auditor’s resource for implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule free. This is a resource you may freely use to conduct your organization’s HIPAA security audits. Your results are private and the output is sent to you without charge. It’s just on… Read More
A Decade of SOX: Knowledge is your friend; Ignorance is your enemy
We are well past a decade now living with the Sarbanes Oxley Act. As one might expect, corporations, employees and auditors alike have become acclimated to the requirements so much so that the process is routine. The upside to this is that people supporting a SOX audit are pretty comfortable with the expectations and requirements.… Read More
The Truth about ID Theft: No fear mongering, no snake oil, just simple advice.
After years of advising corporations, investment firms and being directly involved with helping people understand what identity theft is and making recommendations on how they might thwart criminals from turning them into victims. I decided to revisit the topic and share a simple checklist approach to prevent identity theft. With just a few simple steps… Read More
In Harm’s Way: The CISO’s Dangerous Tour of Duty
I’ve been in the corporate chief information security officer’s (CISO) executive chair long enough to realize that the traditional hierarchical model of information security reporting up through the technology department has a fatal flaw. This hazard is directly associated with the inherent conflict of duties that exists by the very nature of the position. For… Read More
The Security Trifecta – Governance Made Easy: CISO Executive Summit Keynote
The CISO Executive Summit 2013 – Minneapolis I enjoyed delivering the closing keynote at the CISO Executive Summit this year and getting the opportunity to collaborate, strategize and even in some cases, commiserate with my information security comrades from across the industry. The good folks at Evanta organized the event with direction from the event’s… Read More
The Inmates are Running the Asylum: Why Cyber-criminals are Winning.
I could tell you about the most recent incidents of cyber threats in the news, but with the explosion of cyber threats there would be little value in citing just a couple of cases. The shocking reality is that there have been literally thousands of actual breaches that have NOT been reported to law enforcement in just… Read More
Reasonable Duty of Care: Data Security and Privacy
You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More
Security Overlooked: Weathering the DDoS Storm
Last year was a very high profile year for companies being attacked with distributed denial of service (DDoS) and this year doesn’t look any better. While there are some network layer based products, services and techniques available to companies, many of these are missing part of the solution. The problem is that network layer approaches are really… Read More
Please Vote for this blog!
Vote for me today please! I’m listed in the preliminary round of nominees in two categories for the 2013 Social Security Blogger Awards. Polls close tomorrow. Cast your vote here: https://www.surveymonkey.com/s/SBNvotes and I’m in the “The Most Educational Security Blog” and “The Blog that Best Represents the Security Industry” categories. Thank you!
Download Premium Content: Governance Documentation and Information Technology Security Policies Demystified
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
The Future of the Security Executive?
I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration… Read More
The HORSE Project has an app!
Still the best source for security, cyberspace law and IT risk management! The HORSE Project now has its own Android app. Now there is an Android app to help you take it with you. Access premium downloadable content, guidance, tools, frameworks, and other content right from your Android device. Find it here in the Google Play… Read More