For those of us in the world of information security, the news of Attorney General Eric Holder bringing a first-of-its-kind criminal cyber espionage case against Chinese military officials is no surprise at all. For years, the Chinese have been known for launching cyber attacks on American industrial and military targets to steal prized military secrets […]
Early on in my information security career, I was auditing a firm that conducted complex economic analyses for their clients. They processed a lot of personal information and they wanted to be sure they were applying appropriate controls to safeguard that information. Part of their business model was to charge their clients per hour for […]
Information security policies – Whoo hoo! Pretty exciting stuff! But seriously, if we didn’t have policies, where would we be? Civilization as we know it would cease to exist! We all have policies that we adhere to – personally, professionally, morally.
You have an incident – maybe a breach in progress, maybe a breach that happened a while ago but was only just noticed – what is your incident response? What do you do? Do you have a plan? Have you tested your plan recently? Is everyone trained in their responder role?