Your Personal CXO is one of the worlds best resources for information security, privacy, cyberspace law and technology guidance delivered to you freely. Now there is an Android app to help you take it with you. Access premium downloadable content, articles, news and other content right from your Android device. Find it here in the… Read More
Security Overlooked: Domain Name Service (DNS)
Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your… Read More
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
ETA – Estimated Time of Arrival in the Android Market
I have a new application in the Android Market today called ETA located here: ETA is the awesome new way to track your favorite people. ETA, otherwise known as Estimated Time of Arrival, is a clever application that answers the question other people ask you so frequently; where are you and how long will it… Read More
PenTest Magazine: The Security Trifecta – IT Security Governance Demystified
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Buyer Beware
Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last… Read More
Thank You CSO Magazine Online!
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here: CSO Magazine Online and I couldn’t think of a better place for… Read More
Updated: Privacy Concerns: Survey Says!
For those of you concerned about personal privacy and consumer protections, I posted an article back in September 2012 with analysis concerning mobility privacy and security concerns I had and you should too. There was some survey results and I also opened up a FCC complaint to initiate an investigation into my concerns. The article… Read More
Re-post: Your Employee Is an Online Celebrity. Now What Do You Do?
Mixing social media and on-the-job duties can be a win-win. Or not. I wanted to share an excellent article concerning an emerging issue in the workplace concerning employees with strong personal brands and potential conflicts with corporate needs and expectations. The original article is here: Personally, I considered it an excellent thought-provoking article! It points… Read More
Thanks for raising security awareness Bill Brenner!
I appreciate being mentioned on the CSO Magazine: Salted Hash – IT Security News column hosted by Bill Brenner here:
Information Security By the Numbers
The Security Trifecta is a comprehensive and innovative approach to holistic security, risk, governance and privacy coverage for the enterprise. Because the methodology is universally applicable and ultimately sustainable, it has become the perfect model for any size organization regardless of business concentration. In fact, the more critical, the more regulated, the more sensitive the… Read More
Embargo to Espionage: A Cursory Review of the Shamoon Virus
There has been very little coverage about a new usage of the latest class of cyber-weapons, specifically one dubbed the Shamoon Virus. The most likely reason for this is that it did not affect western interests more so than it did middle-eastern state interests. Specifically, the sabotage of computers at state oil giant Saudi Aramco… Read More
2012 Louisville Metro InfoSec Conference
I attended the 2012 Louisville Metro InfoSec Conference, now in it’s 10th year, as keynote speaker. The conference is a function of the ISSA Kentuckiana Chapter currently led by Randall Frietzche. Once again, they are pushing the capacity of the venue space due to the increasing popularity of this important conference. On a personal note,… Read More
Dichotomy
As we approach retail’s favorite season, I have the unique perspective of being concerned about information security as both the Chief Information Security Officer (CISO) for a commerce software company and as a customer to a plethora of retailers — some who are clients and others who are not. In effect, I’m wearing two… Read More
Symbiotic Mutualism: A BYOD Love Story
The mass proliferation of consumer computing devices is in full force with only escalation on the horizon before us and any technologist who thinks that they can stop it or officially banish it from their little kingdoms should think again. Those troglodytes will only lead a frustrating existence in a world where resistance is truly… Read More
Privacy Concerns: Survey Says!
A recent survey by the Pew Research Center found that the majority of mobile phone users have uninstalled or avoided apps due to privacy concerns. According to the report: 54% of mobile users have decided to not install an app after discovering the amount of information it collect 30% of mobile users uninstalled an app… Read More
HORSE WIKI: The Holistic Operational Readiness Security Evaluation wiki
Looking for the HORSE Project? Look no further! Welcome to the Holistic Operational Readiness Security Evaluation (HORSE) project Wiki. We would like to invite the information security community to participate in this open community project. The intention is ultimately to raise the proficiency level of information security auditors, security practitioners, lawyers and legal practitioners, financial… Read More
THE SECURITY TRIFECTA
The Security Trifecta An Introductory Review Information Security By the Numbers The Security Trifecta Methodology Briefings The Security Trifecta: Information Security By the Numbers The Security Trifecta: We are all in the Same Boat The Security Trifecta: Collaboration Vs. Isolation The Security Trifecta: Governance, Technology and Vigilance The Security Trifecta: Source Code, Application and Systems… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Editorial Reviews: Jim Cox
Midwest Book Review’s Editor-in-Chief Jim Cox writes: “Along with the general economy, the job market crash that began in 2008 and which is starting to recover some four years later is still highly competitive and highly volatile. This is as true for executive level corporate officer as it is for the industrial line worker. Drawing… Read More
Is Facebook Losing its Luster?
I’ve been trying out an opted-in email based campaign this month targeting University Teachers, Higher Education Teachers and Book Stores in the US with a simple message that includes links to the most common sources of information and purchasing options for one of my books, Governance Documentation and Information Technology Security Policies Demystified which makes… Read More
Freshly Rendered Graphics for The Security Trifecta
To appease the trademark gods, I had a whole series of images rendered to represent The Security Trifecta methodology and offerings. Here is an example: Thoughts?
ISSA Hall of Fame recipient
Yesterday I received wonderful and humbling news from Kevin Richards, International President of the Information Systems Security Association that I’m being inducted into the ISSA Hall of Fame. In the realm of information security, this could probably be compared to the Hollywood Oscars. It is tremendously exciting and as I’ve mentioned, very humbling for me to… Read More
What You Say Can And Will Be Used Against You In A …
Have you ever wondered what happens to all those queries given to SIRI or IRIS on your smartphones? Millions of people should be concerned and so should public and private sector organizations. For those of you who are not up to speed on what SIRI or IRIS is, I’ll explain. Basically, they are two applications… Read More