Tag Archives: Breach

Expecting the Unexpected, Removing Fear From a Security Incident

Once again another company is on the heels of a massive data breach where intellectual property, customer records, private information, you-name-it, has been compromised, a security incident. The recent news of Adobe Systems where a malicious entity stole intellectual property and accessed millions of credit card numbers is another case where “if there is a […]

The Best Malware Defense: Strategy First, Technology Second

I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, […]

Common Hazards in Risk Management: The Selfish Risk Assessment

Information security laws and regulations are telling us to conduct cyber security risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and […]

Why should every organization embrace secure development?

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

Secure development is not just for software companies and custom application development shops. Embracing secure development practices in IT and procurement functions within an organization ensures that reasonable and appropriate actions are exercised to achieve compliance to regulations and other cyber security requirements. According to a 2013 Ponemon […]

So you’ve been hacked… now what?

The other day I met with an executive whose company had recently been hacked. He looks me in the eye and says, “It’s like I paid someone to punch me in the face…Repeatedly!” Getting breached is a huge pain that costs a lot of money, productivity, time and your reputation can suffer as well. The […]

Cyber Security Awareness Training – It’s the smart thing to do!

Cyber Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder.