Municipal Governments Suffer Ransomware Attacks

  Municipal governments report a continued increase in ransomware attacks, while the US federal government offers little assistance. Hackers downed a help line during a major snow storm in Akron, Ohio, late last year, and froze the city of Baltimore’s ...

Local US Governments under Cyber Siege

The summer of 2019 continued to be devastating to local governments under siege from hackers and malware. The Texas Department of Information Resources is investigating over 20 attacks on mostly rural Texas towns. Further, this trend does not appear to ...

Google is Listening in – Accidentally?

  Have you recently purchased a Google Nest? If so, you might want to know that the latest foray into home security was hiding something from you––microphones. And if you’re curious why you haven’t heard about it, then it shouldn’t ...

Data Safety Insights: Session Replay Technology

  The secretive world of data capture has invaded the iPhone. A recent study by TechCrunch found that many popular apps are capturing user screen activity without consent. Many companies that use these apps monitor user activity, record it, ...

Cybersecurity must extend to your Supply Chain – Hack Creates Border Risk

If you crossed the southern border of the U.S. into Mexico by car recently, your license plate information may have been compromised. Officials at U.S. Customs and Border Protection (CBP) said they were the victims of a “malicious cyberattack” ...

New Network Monitoring Tool Addresses Massive Data Volumes

  The volume of network traffic inside today’s corporate environments is staggering. Monitoring this increasingly large volume of traffic for signs of malicious activity can be an overwhelmingly complex task. One strategy to deal with this situation is the implementation ...

Protecting Digital Footprints while you Travel

  In October 2018, Cathay Pacific Airlines announced in a tweet that it discovered “unauthorized access to some of our passenger data.” (1) The breach exposed dates of birth, passport numbers, home addresses, historical passenger travel data, and other vital ...

CIS Releases New Mobile Controls v.7

In March 2019, the Center for Internet Security (CIS) released the Mobile Companion Guide to help organizations map the CIS controls and their implementation in mobile environments. In the companion guide, the focus is on a consistent approach to applying ...

CSA's Cloud Controls Matrix Maps to Leading Frameworks

  The genesis of the Cloud Security Alliance (CSA) began at the 2008 Information Systems Security Association (ISSA) Chief Information Security Officer (CISO) Forum in Las Vegas. The CSA was incorporated as a non-profit organization in 2009. The ...

Security Awareness Training – What Leading Vendors think is Important

  Reducing the Risk - Security Awareness Training: Security Awareness Training (SAT) can be an easy win for IG Programs. Implementation of a SAT program almost immediately reduces corporate risk. Knowledge retention testing and metrics confirm that employees have been ...

U of San Diego Hosts Cyber Law, Risk and Policy Symposium

  Getting Schooled: The University of San Diego’s Center for Cyber Security Engineering and Technology (CCSET) hosted a two-day symposium last November on Cyber Law, Risk and Policy. This event brought together cybersec industry thought leaders to discuss how the ...

Stepping into Security Assessments Part 2

  Stepping into Security Assessments – Metrics & Executive Engagement. Part II in the Series. Before jumping into the topic of assessment metrics, first, a quick update regarding the Center for Internet Security (CIS) controls. Recently released Version 7 separates ...

Medical Device Cybersecurity: A wicked problem

Cybersecurity attacks on medical devices can disrupt or deliver inaccurate patient care, as well as negatively impact business operations, resulting in staggering financial impacts due to lost revenue, fines, and penalties. Bruce Schneier, security expert, defines the term “Wicked Problem” ...

Interview with Cybersecurity Leader Oz Alashe

British military leadership prepared him for defense against cyber threats. Oz Alashe MBE leads the UK cybersecurity firm CybSafe and has been the driving force behind the CybSafe concept, vision and platform. Oz is a former Lieutenant Colonel in ...

Star Struck Reasonable Security under CCPA

Navigating “Reasonable Security” under California’s Consumer Privacy Act. California is the birthplace of stars, the Internet, and consumer privacy. In 1974, California empowered its residents with an inalienable constitutional right of privacy. Over time, that right has expanded to ...

Berners-Lee’s New Creation

Author: Mark Driskill | Date: October 10, 2018 As the father of the Web, Tim Berners-Lee pays close attention to the malicious ways in which some are using his invention, particularly considering recent fake news based social media streams that ...

Ransomware 2.0 – Another Attack on Patient Records

Ransomware attacks are among the most serious and prevalent threats for data. Ransomware is best understood as a type of malicious software that intends to either publish or block access to information until a “ransom” is paid. While ransomware attacks ...

Security Awareness Training – a Quick Win for IG Programs

People are the First Step in Securing the Enterprise. One of the quick wins that an Information Governance (IG) program can bring to an organization is the implementation of a Security Awareness Training program. Information Governance programs are implemented to ...

Stepping Into Security Assessments Part 1

Part 1, Selecting a framework. In today’s cyber threat landscape, companies have a fiduciary duty to assess their cyber security posture. This is the root function of a Cyber Security Assessment. Typically, 3rd party vendors are contracted to perform the ...

What is a Vulnerability Assessment?

The term vulnerability assessment applies to a broad range of systems. For example, in the context of a disaster recovery plan, the vulnerability assessment would include the likelihood of flooding, earthquakes, and other potential disasters. In the digital sphere, a ...

Cyber-Risk Insurance—an Interview with Judy Selby

Sitting down with the in-demand author and speaker. Judy has over 25 years of experience in insurance coverage litigation. She has particular expertise in cyber insurance and coverage under various policy forms for today’s emerging risks. As well, she is ...

What is Penetration Testing?

Reduce Risk with Simulated Attacks. Penetration testing (“pen test”) is a technique used by information security (InfoSec) professionals to find weaknesses in an organization’s InfoSec defenses. In a penetration test, authorized cybersecurity professionals play the hacker’s role. Penetration testing attempts ...

What is Security Awareness Training?

Employees’ human errors are the weakest link in securing an organization’s confidential information. However, there are some small, inexpensive steps (through employee training) that can reduce information risk. Security Awareness Training (SAT) programs educate an organization’s workforce about the risks ...
