Author Archives: Brian Musthaler

The National Computer Forensics Institute Trains U.S. Law Enforcement Professionals on Digital Evidence

In 2011, young mother Casey Anthony went on trial for the murder of her two-year-old daughter Caylee. You may recall some of the lurid details from the case. In June 2008, the mother reported her child as missing. Caylee’s skeletal remains were found by a utility worker in December 2008. Prosecutors felt they had enough evidence to charge …

Posted in Uncategorized

PCI-DSS 3.0: Will it Successfully Address Compliant Insecurity?

I and many others have been saying for a long time that being compliant with a regulation or industry mandate does not make a computing environment secure. There are numerous reasons this is true, ranging from “the check list approach” to “not understanding the actual intent of specific compliance controls.” This is especially true when it comes to the Payment …

Posted in Data Protection, Governance, Risk and Compliance, Security Management, Security Threats, Uncategorized

Store Systems Security: Preparing for the Retail System and Security Paradigm Shift

I was in an Office Depot the other day. There was one person in line at the checkout counter and another customer approaching the line. Then a sales clerk intercepted the person heading toward the line and said, “I can help you right here, sir.” The clerk had a mobile device in her hands. She swiped the customer’s credit card, …

Posted in Mobile Security, Network Security, Security Management, Security Threats, Uncategorized

Moving from Compliance to Risk-Based Security – Part 2

In my previous post, Moving from Compliance to Risk-Based Security – Part 1, I mentioned that I would share my discussions with two security executives who feel strongly about this topic. Both of them participated in the Wisegate CSO peer discussion documented in the report Moving From Compliance to Risk-Based Security. These experts clearly confirm the need to embrace risk …

Posted in Governance, Risk and Compliance

Moving from Compliance to Risk-Based Security, Part 1

After 10 years of managing an IT audit function for an international energy company, I had the opportunity to head up their IT Strategy group, which was charged with creating organizational IT security and risk profiles and plans. The charge of this function was to annually evaluate organization-wide internal and external risk as it relates to IT, and to communicate …

Posted in Governance, Risk and Compliance

ISACA Advanced Persistent Threat Survey Shows Some Eye-opening Findings

Advanced persistent threats (APTs) have been in the headlines over the past couple of years for affecting some high-profile enterprise networks. Many thought these attacks were limited to government networks. However, in January 2010, the source code and intellectual property of Google and at least 20 other companies in the high-tech industry and defense industrial base were targeted and …

Posted in Network Security, Security Threats

Preparing for the Top IT Security Threats of 2013

Many times in their daily jobs, IT operations and information security (infosec) professionals get so immersed in “the trees” (i.e., the hot issues of the day) that they lose sight of “the forest” (the broader challenges that impact our businesses as a whole). While every organization has its trees, however different they may be from company to company, they …

Posted in Security Threats

NetWars Tournament of Champions Tests the Skills of the Nation’s Top Cyber Security Practitioners

Sometimes, life imitates art, and vice versa. Consider Tom Clancy’s Net Force series of novels, created by Clancy and Steve Pieczenik and written by Steve Perry. The storyline of these books centers on a special division within the FBI tasked with combating crime on the Internet and protecting the country from untold cyber threats. If the premise sounds familiar, …

Posted in Network Security

When it Comes to Controls and Compliance, Fix Once and Comply with Many

Fix once and comply with many! This is the holy grail of both controls and compliance for organizations that need to comply with multiple regulations and standards. For example, a large enterprise might have to ensure that it’s fully in compliance with SOX, HIPAA, COBIT, PCI and ISO 27001. Determining and implementing the proper controls and validating compliance for all …

Posted in Governance, Risk and Compliance

Who let the data out? Careless workers, that’s who

Frequently we see headlines about high-profile data breaches where cyber criminals break into corporate computer systems and steal customer lists, credit card numbers or other sensitive information. These high-profile breaches are certainly clear and present dangers to both the companies charged with protecting this data and the consumers whose private data has been exposed. However, breaches due to …

Posted in Data Protection