We Just Gave Away Our Cyber Security Intellectual Property. It was the right thing to do.
Why a Chicago-Based Cyber Security Firm Just Released its Prized IP.
By Chris Cronin, ISO 27001 Auditor, Partner (more…)
Social media seems harmless enough, especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The reconnaissance phase of this attack happens entirely outside of your control, on platforms you do not own, and the attack itself combines social engineering with phishing techniques. (more…)
By Chris Cronin, ISO 27001 Auditor, Partner
The ever-increasing demands from laws and regulations to protect personal information come with confusion about what exactly our protection responsibilities are. One source of that confusion is the use of the terms “privacy” and “security.” While “privacy” and “security” are both common terms in laws, regulations, and security standards, they mean very different things and they are managed very differently. In fact, the difference between the two has a lot to do with what organizations are actually capable of controlling. (more…)
What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Nearly every regulation and information security standard tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising which kinds of assessments fit which purposes best. (more…)
As part of its ongoing interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015: “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means the end of, our analysis of reasonable security.” This statement might be alarming to the business and security communities, but it’s important to understand the statement in context, and to know what to do about it. (more…)
HACKER INDICTMENTS – Cybersecurity audits mean nothing to hackers, and in fact neither do short-sighted privacy regulations. Hackers have been showing us this for years, and not just because they find ways to exploit systems before you have a chance to lock them down. It’s more than that. Hackers find value in systems and data that you don’t think are interesting enough to protect. (more…)
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security and make compliance an enterprise-wide priority for managing risks. (more…)
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA
The Internet of Things (IoT) and cloud computing have provided businesses and consumers with previously unimaginable tools and functionality, not to mention immense entrepreneurial opportunities. Along with the connectedness of these solutions come increased security risks that entrepreneurs, start-ups, and venture capitalists need to be aware of before either launching into the tech industry or investing in a tech business. (more…)
PREPARING FOR YOUR DATA BREACH. Author: Chris Cronin, ISO 27001 Auditor
Most InfoSec professionals don’t want to think about becoming the next victim of a headline-making data breach. And yet each new major breach is a moment when executive management and security teams reflect on their own insecurities. The latest breach is being reported as the largest breach of health information or protected health information (PHI) in U.S. history, with 80 million records stolen. The high-profile breaches of Sony, Target, and Home Depot have branded themselves in consumers’ minds as Americans deal with their direct and indirect effects. And now we have a large healthcare insurance provider running its incident response cycle. (more…)
Author: Chris Cronin, ISO 27001 Auditor
Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this confidentiality focus is the main driver of much of our information security spending in the U.S. But when the integrity or availability of systems is compromised, the resulting failure of information and communications to function properly can create huge impacts not only on business, but on the public. (more…)