I’ve been doing a bit of research into the subpoena, search, custody, and disposal of electronically stored information (ESI). Part of this comes in the normal course of doing business as a Chief Information Security Officer, while part comes from my natural passions for information security and the law. The reality that casting a wide… Read More
CIO Finance Summit Closure
It is always good to visit with the folks from CDM Media in Scottsdale Arizona. I was invited to participate in a CIO Panel Discussion titled: “Security, Encryption and Fraud: Future proofing the banking system and ensuring greater consumer protection.” Scott Crawford, Managing Research Director, Security & Risk Management with EMA moderated. Mike Kearn, ISO… Read More
Daily Digest for September 2nd
mdpeters @CDMmedia looking for Cloud Computing standards? Check out opencloudconsortium.org. Don’t relegate security to the dust bin, get educated! [#]. mdpeters Cloud Computing: Would you go to your wedding without knowing who is under the veil? Know your potential SaaS provider intimately first. [#]. mdpeters New blog post: Enclaves of Technical Excellence https://michaelpeters.org/?p=786 [#]. mdpeters… Read More
Thriving and surviving in an e…
Thriving and surviving in an economic downturn: it is a good time to be in information security.
Enclaves of Technical Excellence
I have long held that the prime objective of a security practitioner is to protect the Crown Jewels that reside within a data source. It is necessary to assess our controls put in place to thwart threats to our data sources. It is vital that we construct the new perimeter directly around those databases. Gone are… Read More
@CDMmedia looking for Cloud Co…
@CDMmedia looking for Cloud Computing standards? Check out opencloudconsortium.org. Don’t relegate security to the dust bin, get educated!
Daily Digest for August 31st
mdpeters When business and information security are aligned, the true value of security will be apparent. [#]. mdpeters In the debate concerning insider versus outsider information security threats, consider any connection to data as an outsider threat. [#]. mdpeters @CDMmedia BI education seems to be the biggest utilization hurdle. This is true holistically, not just… Read More
KISS – Keep It Simple Security – 2009090101
I was reading the latest report published by Deloitte titled “The 6th Annual Global Security Survey.” I did enjoy the survey results and I do intend on using a portion to help shape my general information security strategy in my practice. Certain fundamentals are always sound and always obvious. One quote that I’ll comment on… Read More
In the debate concerning insid…
In the debate concerning insider versus outsider information security threats, consider any connection to data as an outsider threat.
When business and information …
When business and information security are aligned, the true value of security will be apparent.
Daily Digest for August 31st
mdpeters On the way to the CIO Finance Summit at the Scottsdale Arizona Four Seasons to represent the security community. [#]. mdpeters New blog post: Juris Doctor 52 of 215 https://michaelpeters.org/?p=767 [#].
On the way to the CIO Finance …
On the way to the CIO Finance Summit at the Scottsdale Arizona Four Seasons to represent the security community.
CIO Finance Summit 2009
I’ll spend a few days in Scottsdale Arizona attending the CIO Finance Summit. I received an invitation to be a guest panelist for financial services information security. This will be the second time attending a CDM Media event. I’ll meet again with many of my counterparts from around the industry and make some new connections… Read More
Social Computing Guidelines
I have added a new governance document to the HORSE wiki that provides an example of a social computing and networking employee guideline. It is located here: http://lazarusalliance.com/horsewiki/index.php/Social_Computing_Guidelines Like so many of my corporate information security counterparts, the explosion of public applications available and the massive participation presents a new challenge in the presentation of… Read More
Daily Digest for August 19th
mdpeters New blog post: Progress made towards information security https://michaelpeters.org/?p=733 [#].
Progress made towards information security?
When the Cyber Czars and CISOs get a seat at the big table, in a normal chair, rather than a high chair, global society will not gain traction towards appropriate information security. We will continue to be reactive and not proactive.
Laws of Power – 27
Play on people’s need to believe to create a cult-like following: people have an overwhelming desire to believe in something. Become the focal point of such desire by offering them a cause, a new faith to follow. Keep your words vague but full of promise; emphasize enthusiasm over rationality and clear thinking. Give your new… Read More
Laws of Power – 17
Keep others in suspended terror: cultivate an air of unpredictability: humans are creatures of habit with an insatiable need to see familiarity in other people’s actions. Your predictability gives them a sense of control. Turn the tables: Be deliberately unpredictable. Behavior that seems to have no consistency or purpose will keep them off balance, and… Read More
Laws of Power – 14
Pose as a friend, work as a spy: knowing about your rival is critical. Use spies to gather valuable information that will keep you a step ahead. Better still: Play the spy yourself. In polite social encounters, learn to probe. Ask indirect questions to get people to reveal their weaknesses and intentions. There is no… Read More
Corporate Records: Voice-mail
As electronic discovery matures to meet the ever-changing technology landscape, it is incumbent upon the information security practitioner, forensic investigator, General Counsel, or others responsible for the discovery, acquisition, processing, preservation, and presentation of electronic records to keep swimming or risk drowning. There should be no illusion that voicemail would be considered an electronic record… Read More
Social Networks and Social Engineering
I’ve commented occasionally about social networking sites and appropriate content posted therein. I’ll share an article I read on a favorite news site. It is an amazing abuse of authority in my opinion. It also demonstrates the hazards of what could happen when low-tech mentality bludgeons high-tech. Original URL: http://www.theregister.co.uk/2009/06/18/american_burg_and_facebook/ US city demands FaceSpaceGooHoo log-ins… Read More
Cloud Computing: Part 2
Internet information exchange and commerce has matured to the point that we cannot imagine how we would run our businesses without technology anymore. We have created elaborate systems and constructed solid disaster recovery and business continuity mechanisms to protect our digital assets. Until recently, these Internet facing systems have resided on dedicated computers that we… Read More
The lines are blurring
The legal profession, in one form or another, has existed for thousands of years. As with any activity, experience and practice help us become more proficient, more accurate, more profound. Information security and regulatory activities are relative newcomers in the holistic picture. These pursuits also require vigilance and practice. An interesting phenomenon I believe is… Read More
Participating in the FST Finan…
Participating in the FST Financial Services Technology 8 Summit this week as an Information Security ILM guest panelist.