You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More
Security Overlooked: Weathering the DDoS Storm
Last year was a very high profile year for companies being attacked with distributed denial of service (DDoS) and this year doesn’t look any better. While there are some network layer based products, services and techniques available to companies, many of these are missing part of the solution. The problem is that network layer approaches are really… Read More
Download Premium Content: Governance Documentation and Information Technology Security Policies Demystified
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
The Future of the Security Executive?
I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration… Read More
Your Personal CXO has an app!
Your Personal CXO is one of the worlds best resources for information security, privacy, cyberspace law and technology guidance delivered to you freely. Now there is an Android app to help you take it with you. Access premium downloadable content, articles, news and other content right from your Android device. Find it here in the… Read More
Security Overlooked: Domain Name Service (DNS)
Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your… Read More
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
PenTest Magazine: The Security Trifecta – IT Security Governance Demystified
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Buyer Beware
Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last… Read More
Thank You CSO Magazine Online!
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here: CSO Magazine Online and I couldn’t think of a better place for… Read More
Updated: Privacy Concerns: Survey Says!
For those of you concerned about personal privacy and consumer protections, I posted an article back in September 2012 with analysis concerning mobility privacy and security concerns I had and you should too. There was some survey results and I also opened up a FCC complaint to initiate an investigation into my concerns. The article… Read More
Risky Business: IT Security Risk Management Demystified
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Usage Terms
MichaelPeters.org – Your Personal CXO and its affiliates (“MichaelPeters.org – Your Personal CXO” or “we”) provides its content on MichaelPeters.org (the “Site”) subject to the following terms and conditions (the “Terms”). We may periodically change the Terms, so please check back from time to time. These Terms were last updated on March 31, 2012. By… Read More
Shot Down in Flames! – That ROI for security or litigation is in jeopardy.
The Return on Investment, aka ROI, is an essential financial measurement for any business venture and one that must be positive, or at least neutral, in order to demonstrate the viability of the proposition being examined. There are certain essential business functions however that does not provide a return on your investment; and two… Read More
Easiest way to breach a bank? Just hold-em-mop!
On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a $7,500 settlement with Belmont Savings Bank following a May 2011 data breach involving the names, Social Security numbers and account numbers of more than 13,000 Massachusetts residents. The bank has stated that it has no evidence of unauthorized access to or use of consumers’… Read More
The PCI Challenge
It is frequently in the news. Reports have been written. Punitive and compensatory damages have been awarded. Companies around the globe have been challenged to find the resources required to comply with the Payment Card Industry Data Security Standard (PCI DSS). The prime PCI DSS objective is to protect cardholder data. The prime objective of… Read More
New PCI Data Security Standards for Cloud Compliance
The PCI Security Standards Council’s Virtualization Special Interest Group recently published its “Information Supplement: PCI DSS Virtualization Guidelines” (the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”). The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders: