University Medical Center Hamburg-Eppendorf Scores European Identity Award
Congratulations to our customer University Medical Center Hamburg-Eppendorf (UKE), who was named a winner of the European Identity & Cloud Awards 2013 for Best Approach on Improving Governance and...
Government Information Security in the Age of Sequester
While meeting with a couple of my regular contacts at a recent AFCEA event, their conversation veered sharply from their normal assessments of cyber attacks into today’s prevalent motif of Beltway...
Banking and the Cloud
A trend that has caught the attention of some in the technology media is the reluctance of banks to move to the cloud, despite the benefits. The reason is that over the past 15 years banks, to a large...
Lax Retail IT Security Exposes Customer Data
I think that most consumers would be horrified with the general state of retail IT security – especially given that these companies handle millions of payment card transactions daily, and collect a...
JPMorgan Breach Hints at Financial Sector Bombardment
JPMorgan’s cryptic disclosure that hackers compromised the data of more than 76 million of its consumer patrons -- and 7 million small business clients -- may seem stunning. But it reflects just a...
Here’s How to Own the Critical National Infrastructure of a Country
It’s simple for intruders to obtain a list of weak systems from Shodan with a credit card. From there they can take over CNI systems using well-known exploits, or powerful and secret zero-day attacks...
Banks or Retailers, Who Should Pay the Bill for Data Breaches?
The retailers that have suffered data breaches (repeatedly, in some cases) have wretched to non-existent IT security and little to no regard for the personal information of their customers.
The Annual Holiday Season IT Implementation Freeze
Criminal hackers and nation-state attackers don’t care what time of year it is. They won’t respect your IT freeze, so continuous security improvement and continuous compliance need to occur 365 days a...
Force Majeure – Cyber Security Insurance
As we look back on the cyber attacks of the past year, one of the recurring themes was that there was no way the hacked companies could have expected or prevented the attacks that hit them. In legal...
Data Breach at US Office of Personnel Management Reveals Intent of...
On the surface, last week’s data breach at the US Office of Personnel Management (OPM) might seem like just another cyber attack, like those which affected Target, Home Depot and many others. However,...
JPMorgan Chase and the Need for Military-Level Security
Financial services security must now be built and operated at the level of national defense and military-level security; commercial compliance and mitigation are no longer effective strategies. The...
Securing a Dynamic Network
Whenever new computers and applications are deployed on a network, they can introduce unforeseen security risks. Shared and default privileged account passwords are introduced through deployment...
NCCoE’s Cyber Security Guidelines for Electric Utilities Are A Good Start
The National Cybersecurity Center of Excellence’s (NCCoE) recent cyber security guide Identity and Access Management for Electric Utilities identified a serious security concern within the energy...
Guarding Against Spear Phishing Threats
IT security staff at these agencies are on guard against the now pervasive tactic of spear-phishing. In this targeted social engineering attack, hackers use emails that masquerade as trusted...
Cyber Security Insurance is No Substitute for Good IT Security Practices
Cyber security insurance will never pay off for the purchaser because it does not replace proper security or internal IT controls.
Are You Ready for PCI-DSS 3.2?
There are a number of significant changes in PCI-DSS 3.2. We’ll just take a look at the new aspects that directly affect security controls. Here are the highlights of those new requirements.
Nation-States and Data Breaches
Cyber intruders now use in-country assets to mask their location, making attribution challenging. If the state actor has a grudge that they want to air, then they will use their own addresses to get...
About This Week’s WikiLeaks CIA Hacking Disclosure…
This week’s sensational WikiLeaks revelations about CIA hacking tools have raised all sorts of questions about the US intelligence agency’s hacking arsenal. Here’s my take on the matter.