Information Security

Baird Brueseke, creator of Cyber Lab as a Service (CLaaS)

An introduction to cybersecurty with expert Baird Brueseke; he discusses principles of cybersecurity and approaches to cybersecurity assessments.

NIST Privacy Framework Sets New Standards for Cyber-Insurance

 On January 16, 2020 the National Institute for Standards and Technology (NIST) released the first version of a voluntary privacy framework, “Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.” This privacy framework will be widely used by ...

Privacy is for People

Why do Companies Need Cybersecurity? Have you ever heard a company talk about privacy when they are discussing a massive hack and theft of your data? Why is cybersecurity such a buzzword when simple privacy would solve so many ...

Collaboration Tools have an IG Problem

  Major corporations worldwide utilize collaboration tools to enhance worker productivity. In today’s workplace, employee mobility is essential. It is quite common for team members to be located in different cities, meeting and working together in virtual conferences, and ...

The Wild but Tamable World of Threat Intelligence

The concept of threat intelligence has existed in our world much longer than any computer has. Over 1000 years ago in The Art of War, Sun Tzu made some of the earliest mentions of threat intelligence known to man. One ...

Phishing Attacks are Morphing – Changing to Bypass Security Tools

Israel-based Cybersecurity firm Ironscales reports that 42% of the phishing attempts they examined were “polymorphic.” Polymorphism happens when bad actors make slight and often random changes to an email’s artifacts such as its content, subject line, sender name or template. ...

Healthcare Workers Often not Trained in Cybersecurity Awareness

  In 2018, the WannaCry malware epidemic knocked out more than 200,000 computers in 150 countries. In some hospitals, WannaCry encrypted the data on all devices, including medical equipment. The headlines associated with healthcare-related data breaches should make organizations implement ...

An Interview with Dr. Mansur Hasib, Cybersecurity Leader

Dr. Mansur Hasib is a leader in the cybersecurity discipline, and a respected author and teacher. He has 30 years of experience (including 12 as CIO) leading organizational transformations through digital leadership and cybersecurity strategy in healthcare, biotechnology, education, and ...

Ransomware Attacks Hit Municipalities

  Municipal governments report a continued increase in ransomware attacks, while the US federal government offers little assistance. Hackers downed a help line during a major snow storm in Akron, Ohio, late last year, and froze the city of Baltimore’s ...

Local US Governments under Cyber Siege

The summer of 2019 continued to be devastating to local governments under siege from hackers and malware. The Texas Department of Information Resources is investigating over 20 attacks on mostly rural Texas towns. Further, this trend does not appear to ...

Google is Listening in – Accidently?

  Have you recently purchased a Google Nest? If so, you might want to know that the latest foray into home security was hiding something from you––microphones. And if you’re curious why you haven’t heard about it, then it shouldn’t ...

Data Safety Insights: Session Replay Technology

  The secretive world of data capture has invaded the iPhone. A recent study by Tech Crunch found that many popular apps are capturing user screen activity without consent. Many companies that use these apps monitor user activity, record it, ...

Cybersecurity must extend to your Supply Chain – Hack Creates Border Risk

If you crossed the southern border of the U.S. into Mexico by car recently, your license plate information may have been compromised. Officials at U.S. Customs and Border Protection (CBP) said they were the victims of a “malicious cyberattack” ...

New Network Monitoring Tool Addresses Massive Data Volumes

  The volume of network traffic inside today’s corporate environments is staggering. Monitoring this increasingly large volume of traffic for signs of malicious activity can be an overwhelmingly complex task. One strategy to deal with this situation is the implementation ...

Protecting Digital FootPrints while you Travel

  In October 2018, Cathay Pacific Airlines announced in a tweet that it discovered “unauthorized access to some of our passenger data.” (1) The breach exposed dates of birth, passport numbers, home addresses, historical passenger travel data, and other vital ...
CIS Mobile Controls v.7

CIS Releases New Mobile Controls v.7

In March, 2019 the Center for Internet Security (CIS) released the Mobile Companion Guide to help organizations map the CIS controls and their implementation in mobile environments. In the companion guide, the focus is on a consistent approach to applying ...

CSAs Cloud Controls Matrix Maps to Leading Frameworks

  The genesis of the The Cloud Security Alliance (CSA) began at the 2008 Information Systems Security Association (ISSA) Chief Information Security Officer (CISO) Forum in Las Vegas. The CSA was incorporated as a non-profit organization in 2009. The ...

Security Awareness Training – What Leading Vendors think is Important

  Reducing the Risk - Security Awareness Training Security Awareness Training (SAT) can be an easy win for IG Programs. Implementation of a SAT program almost immediately reduces corporate risk. Knowledge retention testing and metrics confirm that employees have been ...

U of San Diego Hosts Cyber Law, Risk and Policy Symposium

  Getting Schooled The University of San Diego’s Center for Cyber Security Engineering and Technology (CCSET) hosted a two-day symposium last November on Cyber Law, Risk and Policy. This event brought together cybersec industry thought leaders to discuss how the ...

Stepping into Security Assessments Part 2

  Stepping into Security Assessments – Metrics & Executive Engagement Part II in the Series Before jumping into the topic of assessment metrics, first, a quick update regarding the Center for Internet Security (CIS) controls. Recently released Version 7 separates ...

Medical Device Cybersecurity: A wicked problem

Cybersecurity attacks on medical devices can disrupt or deliver inaccurate patient care, as well as negatively impact business operations, resulting in staggering financial impacts due to lost revenue, fines, and penalties. Bruce Schneider, security expert, defines the term “Wicked Problem” ...

Interview with Cybersecurity Leader Oz Alashe

British military leadership prepared him for defense against cyber threats. Oz Alashe MBE leads the UK cybersecurity firm CybSafe and has been the driving force behind the CybSafe concept, vision and platform. Oz is a former Lieutenant Colonel in the ...

Star Struck Reasonable Security under CCPA

Navigating “Reasonable Security” under California’s Consumer Privacy Act California is the birthplace of stars, the Internet, and consumer privacy. In 1974, California empowered its residents with an inalienable constitutional right of privacy. Over time, that right has expanded to ...
Berners-Lee-New-Creation

Berners-Lee’s New Creation

Author: Mark Driskill | Date: October 10, 2018 As the father of the Web, Tim Berners-Lee pays close attention to the malicious ways in which some are using his invention, particularly considering recent fake news based social media streams that ...
Ransomware-2.0-Another-Attack-on-Patient-Records

Ransomware 2.0 – Another Attack on Patient Records

Ransomware attacks are among the most serious and prevalent threats for data. Ransomware is best understood as a type of malicious software that intends to either publish of block access to information until a “ransom” is paid. While ransomware attacks ...
Security-Awareness-Training-Quick-Win-for-IG-Programs

Security Awareness Training – a Quick Win for IG Programs

People are the First Step in Securing the Enterprise One of the quick wins that an Information Governance (IG) program can bring to an organization is the implementation of a Security Awareness Training program.  Information Governance programs are implemented to ...
Stepping-into-security-assessment-part-1

Stepping Into Security Assessments Part 1

Part 1, Selecting a framework In today’s cyber threat landscape, companies have a fiduciary duty to assess their cyber security posture.  This is the root function of a Cyber Security Assessment. Typically, 3rd party vendors are contracted to perform the ...
What-is-a-vulnerability-assessment

What is a Vulnerability Assessment?

The term vulnerability assessment applies to a broad range of systems. For example, in the context of a disaster recovery plan, the vulnerability assessment would include the likelihood of flooding, earthquakes, and other potential disasters. In the digital sphere, a ...

Cyber-Risk Insurance—an Interview with Judy Selby

Sitting down with the in-demand author and speaker Judy has over 25 years of experience in insurance coverage litigation. She has particular expertise in cyber insurance and coverage under various policy forms for today’s emerging risks. As well, she is ...
What-is-Penetration-Testing

What is Penetration Testing?

Reduce Risk with Simulated Attacks Penetration testing (“pen test”) is a technique used by information security (InfoSec) professionals to find weaknesses in an organization’s InfoSec defenses. In a penetration test, authorized cybersecurity professionals play the hacker’s role. Penetration testing attempts ...
Infogovworld-What-is-security-awareness-training

What is Security Awareness Training?

Employees’ human errors are the weakest link in securing an organization’s confidential information. However, there are some small, inexpensive steps (through employee training) that can reduce information risk. Security Awareness Training (SAT) programs educate an organization’s workforce about the risks ...

Digital Editions

Read Our Latest Edition

DA-New-Logo

Subscribe to our Digital Edition - Free!

Scroll to Top