Category Archives: Governance, Risk and Compliance

Communications Teams Get a Failing Grade Over Heartbleed

First of all, let me say thank you to the security professionals who are working their butts off to develop patches and permanent fixes for problems caused by Heartbleed. I know this is an extraordinary case of the highest priority. Thank you for using your talents and your time to plug this gaping hole and make your users safe again. … Read more

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized | Tagged , , | Leave a comment

What’s Needed Now: Supply Chain Integrity Testing

Listen up, all you security experts who want to be an entrepreneur! John Pescatore, the SANS Institute Director of Emerging Security Trends, sees an opportunity for the Next Big Thing in tech security. In Pescatore’s view, there’s a growing need for supply chain integrity testing. In the wake of all the digital spying revelations let loose by the Edward Snowden … Read more

Posted in Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized | Tagged , , | Leave a comment

Attack of the Month Video Blog Series: Network Layer Attacks In ICS

In the world of Industrial Control Systems (ICS)  system outage or infiltration can result in system downtime, loss of productivity and loss of revenue, as well as loss of confidentiality, integrity and availability. Additionally, system outage or infiltration could possibly result in loss of life often due to the critical nature of these devices. Together, lack of access to critical … Read more

Posted in Data Protection, DDoS, Governance, Risk and Compliance, Network Security, Security Management, Uncategorized | Tagged , , , , , | Leave a comment

Who Are Breach Disclosure Laws Meant to Protect? One Merchant Held up Notifications for More Than a Year at the Request of Federal Authorities

I live in Texas, and there’s a regional retailer that has just announced a data breach that is believed to have affected more than half a million customers. The announcement is controversial because the company, Spec’s, supposedly knew about the theft of payment card data almost a year ago and is just now telling customers. As you might imagine, people … Read more

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized | Tagged , , , | Leave a comment

New DDoS Warning Issued – Banking Industry Beware

The Federal Financial Institutions Examination Council (FFIEC), today released advisory statements warning Financial Institutions of risks associated with cyber-attacks on ATM’s, credit card authorization systems and the continued DDoS attacks against public-facing websites. It is encouraging to see continued awareness and general guidance coming from a credited authority on cyber threat protection.  This advisory statement brings reinforcement to guidelines outlined … Read more

Posted in Data Protection, DDoS, Governance, Risk and Compliance, Network Security, Uncategorized | Tagged , , , , , | Leave a comment

Cybersecurity Professionals Are in Big Demand as Staffing Shortages Hit Critical Levels

In a previous blog post I talked about the upcoming National Cybersecurity Career Fair (NCCF) this June 18 and 19, 2014. NCCF is an innovative virtual meeting place for the top cybersecurity employers and entry to mid level cybersecurity jobseekers in the United States. It turns out that this job fair is desperately needed by employers in practically every industry, … Read more

Posted in Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized | Tagged , , | Leave a comment

National Cybersecurity Career Fair in June Will Connect Employers to Entry Level Cybersecurity Workers

Do you know anyone who is an aspiring cyber security professional? Here is some important information to pass along to help them get their career started. This is also big news if your organization is looking to recruit entry-level people for IT security positions. Coming up this June 18 and 19, 2014, Cyber Aces is presenting the first National Cybersecurity … Read more

Posted in Application Security, Cloud Security, Data Protection, Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats, Uncategorized | Tagged , , | Leave a comment

Cybersecurity in the U.S. Healthcare System is in Critical Condition and Needs Intensive Care

Last fall my husband was visiting a relative in the hospital when he noticed an Ethernet port on the side of the bed. He asked the nurse what the hospital uses the port for. She explained that they occasionally connect patient-monitoring devices to the port on the bed to facilitate transmission of alerts to the nurses’ station. For example, if … Read more

Posted in Application Security, Data Protection, Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized | Tagged , , , , , | Leave a comment

The Role of Service Providers in Strengthening the Nation’s Cybersecurity

In November 2013, the President’s Council of Advisors on Science and Technology (PCAST) submitted a public report to U.S. President Barack Obama. The report, Immediate Opportunities for Strengthening the Nation’s Cybersecurity, provides key insights from a more comprehensive but classified assessment of the Nation’s cybersecurity needs and opportunities. The purpose of the report is twofold: To point to areas where … Read more

Posted in Governance, Risk and Compliance, Network Security, Security Management, Security Threats, Uncategorized | Tagged , , , , , , , | Leave a comment

Six Ways that Most Companies Shortchange Their Enterprise Security

I recently had a conversation with Michael Sutton, vice president of security research for Zscaler and head of Zscaler ThreatLabZ. We talked about where many organizations are falling short today in defending against current threats and especially the more dangerous advanced persistent threats. I’ve singled out six common shortcomings that Sutton sees among most companies today.  1.     Failing to stay … Read more

Posted in Governance, Risk and Compliance, Mobile Security, Network Security, Security Management, Security Threats | Tagged , , , | Leave a comment