Information Security

Baird Brueseke, creator of Cyber Lab as a Service (CLaaS)

An introduction to cybersecurity with expert Baird Brueseke; he discusses principles of cybersecurity and approaches to cybersecurity assessments.

NIST Privacy Framework Sets New Standards for Cyber-Insurance

 On January 16, 2020 the National Institute for Standards and Technology (NIST) released the first version of a voluntary privacy framework, “Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.” This privacy framework will be widely used by ...

Privacy is for People

Why do Companies Need Cybersecurity? Have you ever heard a company talk about privacy when they are discussing a massive hack and theft of your data? Why is cybersecurity such a buzzword when simple privacy would solve so many ...

Collaboration Tools have an IG Problem

  Major corporations worldwide utilize collaboration tools to enhance worker productivity. In today’s workplace, employee mobility is essential. It is quite common for team members to be located in different cities, meeting and working together in virtual conferences, and ...

The Wild but Tamable World of Threat Intelligence

The concept of threat intelligence has existed in our world much longer than any computer has. Over 1000 years ago in The Art of War, Sun Tzu made some of the earliest mentions of threat intelligence known to man. One ...

Phishing Attacks are Morphing – Changing to Bypass Security Tools

Israel-based Cybersecurity firm Ironscales reports that 42% of the phishing attempts they examined were “polymorphic.” Polymorphism happens when bad actors make slight and often random changes to an email’s artifacts such as its content, subject line, sender name or template. ...

Healthcare Workers Often not Trained in Cybersecurity Awareness

  In 2018, the WannaCry malware epidemic knocked out more than 200,000 computers in 150 countries. In some hospitals, WannaCry encrypted the data on all devices, including medical equipment. The headlines associated with healthcare-related data breaches should make organizations implement ...

An Interview with Dr. Mansur Hasib, Cybersecurity Leader

Dr. Mansur Hasib is a leader in the cybersecurity discipline, and a respected author and teacher. He has 30 years of experience (including 12 as CIO) leading organizational transformations through digital leadership and cybersecurity strategy in healthcare, biotechnology, education, and ...

Ransomware Attacks Hit Municipalities

  Municipal governments report a continued increase in ransomware attacks, while the US federal government offers little assistance. Hackers downed a help line during a major snow storm in Akron, Ohio, late last year, and froze the city of Baltimore’s ...

Local US Governments under Cyber Siege

The summer of 2019 continued to be devastating to local governments under siege from hackers and malware. The Texas Department of Information Resources is investigating over 20 attacks on mostly rural Texas towns. Further, this trend does not appear to ...

Google is Listening in – Accidentally?

  Have you recently purchased a Google Nest? If so, you might want to know that the latest foray into home security was hiding something from you––microphones. And if you’re curious why you haven’t heard about it, then it shouldn’t ...

Data Safety Insights: Session Replay Technology

The secretive world of data capture has invaded the iPhone. A recent study by TechCrunch found that many popular apps are capturing user screen activity without consent. Many companies that use these apps monitor user activity, record it, ...

Cybersecurity must extend to your Supply Chain – Hack Creates Border Risk

If you crossed the southern border of the U.S. into Mexico by car recently, your license plate information may have been compromised. Officials at U.S. Customs and Border Protection (CBP) said they were the victims of a “malicious cyberattack” ...

New Network Monitoring Tool Addresses Massive Data Volumes

  The volume of network traffic inside today’s corporate environments is staggering. Monitoring this increasingly large volume of traffic for signs of malicious activity can be an overwhelmingly complex task. One strategy to deal with this situation is the implementation ...

Protecting Digital FootPrints while you Travel

  In October 2018, Cathay Pacific Airlines announced in a tweet that it discovered “unauthorized access to some of our passenger data.” (1) The breach exposed dates of birth, passport numbers, home addresses, historical passenger travel data, and other vital ...

CIS Releases New Mobile Controls v.7

In March, 2019 the Center for Internet Security (CIS) released the Mobile Companion Guide to help organizations map the CIS controls and their implementation in mobile environments. In the companion guide, the focus is on a consistent approach to applying ...

CSAs Cloud Controls Matrix Maps to Leading Frameworks

The genesis of the Cloud Security Alliance (CSA) began at the 2008 Information Systems Security Association (ISSA) Chief Information Security Officer (CISO) Forum in Las Vegas. The CSA was incorporated as a non-profit organization in 2009. The ...

Security Awareness Training – What Leading Vendors think is Important

  Reducing the Risk - Security Awareness Training Security Awareness Training (SAT) can be an easy win for IG Programs. Implementation of a SAT program almost immediately reduces corporate risk. Knowledge retention testing and metrics confirm that employees have been ...

U of San Diego Hosts Cyber Law, Risk and Policy Symposium

  Getting Schooled The University of San Diego’s Center for Cyber Security Engineering and Technology (CCSET) hosted a two-day symposium last November on Cyber Law, Risk and Policy. This event brought together cybersec industry thought leaders to discuss how the ...

Stepping into Security Assessments Part 2

  Stepping into Security Assessments – Metrics & Executive Engagement Part II in the Series Before jumping into the topic of assessment metrics, first, a quick update regarding the Center for Internet Security (CIS) controls. Recently released Version 7 separates ...

Medical Device Cybersecurity: A wicked problem

Cybersecurity attacks on medical devices can disrupt or deliver inaccurate patient care, as well as negatively impact business operations, resulting in staggering financial impacts due to lost revenue, fines, and penalties. Bruce Schneider, security expert, defines the term “Wicked Problem” ...

Interview with Cybersecurity Leader Oz Alashe

British military leadership prepared him for defense against cyber threats. Oz Alashe MBE leads the UK cybersecurity firm CybSafe and has been the driving force behind the CybSafe concept, vision and platform. Oz is a former Lieutenant Colonel in the ...

Star Struck Reasonable Security under CCPA

Navigating “Reasonable Security” under California’s Consumer Privacy Act California is the birthplace of stars, the Internet, and consumer privacy. In 1974, California empowered its residents with an inalienable constitutional right of privacy. Over time, that right has expanded to ...

What is Security Awareness Training?

Employees’ human errors are the weakest link in securing an organization’s confidential information. However, there are some small, inexpensive steps (through employee training) that can reduce information risk. Security Awareness Training (SAT) programs educate an organization’s workforce about the risks ...

Berners-Lee’s New Creation

Author: Mark Driskill | Date: October 10, 2018 As the father of the Web, Tim Berners-Lee pays close attention to the malicious ways in which some are using his invention, particularly considering recent fake news based social media streams that ...

Ransomware 2.0 – Another Attack on Patient Records

Ransomware attacks are among the most serious and prevalent threats for data. Ransomware is best understood as a type of malicious software that intends to either publish or block access to information until a “ransom” is paid. While ransomware attacks ...

Security Awareness Training – a Quick Win for IG Programs

People are the First Step in Securing the Enterprise One of the quick wins that an Information Governance (IG) program can bring to an organization is the implementation of a Security Awareness Training program.  Information Governance programs are implemented to ...

Stepping Into Security Assessments Part 1

Part 1, Selecting a framework In today’s cyber threat landscape, companies have a fiduciary duty to assess their cyber security posture.  This is the root function of a Cyber Security Assessment. Typically, 3rd party vendors are contracted to perform the ...

What is a Vulnerability Assessment?

The term vulnerability assessment applies to a broad range of systems. For example, in the context of a disaster recovery plan, the vulnerability assessment would include the likelihood of flooding, earthquakes, and other potential disasters. In the digital sphere, a ...

Cyber-Risk Insurance—an Interview with Judy Selby

Sitting down with the in-demand author and speaker Judy has over 25 years of experience in insurance coverage litigation. She has particular expertise in cyber insurance and coverage under various policy forms for today’s emerging risks. As well, she is ...

What is Penetration Testing?

Reduce Risk with Simulated Attacks Penetration testing (“pen test”) is a technique used by information security (InfoSec) professionals to find weaknesses in an organization’s InfoSec defenses. In a penetration test, authorized cybersecurity professionals play the hacker’s role. Penetration testing attempts ...
