Information security laws and regulations require us to conduct risk assessments before we develop our security and compliance programs. They insist on this so that our security goals are meaningful to each of us, rather than aspiring to a generic list of controls written by experts who never met us and don’t understand […]
Author: Todd Becker, PCI QSA, ISO 27001 Auditor. Secure development is not just for software companies and custom application development shops. Embracing secure development practices in an organization’s IT and procurement functions ensures that reasonable and appropriate actions are taken to achieve compliance with regulations and other security requirements. According to a 2013 Ponemon report, […]
The death of Caesar at the hands of the senators. Painting by Vincenzo Camuccini, 1798. “Et tu, Brute?”, meaning “Even you, Brutus?”, is a Latin phrase often used poetically to represent the last words of the Roman dictator Julius Caesar to his friend Marcus Brutus, who betrayed him at the moment of his assassination.
The other day I met with an executive whose company had recently been hacked. He looks me in the eye and says, “It’s like I paid someone to punch me in the face…Repeatedly!” Getting breached is a huge pain: it costs money, productivity and time, and your reputation can suffer as well. The […]
Security Awareness Training – There is plenty of technology that can be applied in all manner of ways to help protect against a breach, but if the employee culture doesn’t embrace being mindful of security, it makes the CISO’s job a little harder.