You’ve see it in the news all too frequently now in our technologically interconnected world; companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. The terrible truth is that companies and consumers are losing the battle. The cost of these breaches is rising as consumers are beginning to… Read More
Last year was a very high profile year for companies being attacked with distributed denial of service (DDoS) and this year doesn’t look any better. While there are some network layer based products, services and techniques available to companies, many of these are missing part of the solution. The problem is that network layer approaches are really… Read More
For anyone who has purchased my book, Governance Documentation and Information Technology Security Policies Demystified, you now have full access to premium content that supports the book available for free download. To have access to this content, do the following:
I was presented with a question this week that I thought was worth sharing. The question was “What you think information security executives will need to be focused on in the next 2 to 3 years in order for their organizations to be successful?” I responded with these tasks-concepts that security executives must embrace: Collaboration… Read More
Your Personal CXO is one of the worlds best resources for information security, privacy, cyberspace law and technology guidance delivered to you freely. Now there is an Android app to help you take it with you. Access premium downloadable content, articles, news and other content right from your Android device. Find it here in the… Read More
Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your… Read More
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!
Fact: Companies are being breached seemingly at-will by hackers, malicious insiders, competing company entities, and nation states. Companies and consumers seem to be losing the battle. Sources of this problem are: 83 percent of organizations have no formal cyber security plan. (Source: National Cyber Security Alliance, 2012) Thousands of breaches have occurred over the last… Read More
You know it’s a great day when CSO’s Bill Brenner takes an interest in your book. He posted an excerpt and some commentary today in the Security Leadership section of CSO about my book, Governance Documentation and Information Technology Security Policies Demystified which may be found here: CSO Magazine Online and I couldn’t think of a better place for… Read More
For those of you concerned about personal privacy and consumer protections, I posted an article back in September 2012 with analysis concerning mobility privacy and security concerns I had and you should too. There was some survey results and I also opened up a FCC complaint to initiate an investigation into my concerns. The article… Read More
PenTest Magazine just released their latest issue and my article, Risky Business: IT Security Risk Management Demystified is included. You may find it here and also directly from the publisher here. Enjoy!