You've no doubt heard the vendor spiels and seen their solutions for gaining control of your Internet of Things environment. But do you truly have IoT under control? Like other things in IT, it can be pretty overwhelming, especially when you're struggling to keep your arms around your traditional network environment with cloud and mobile and all the complexities they bring. Well, IoT security doesn't have to be that difficult. It's ...
Continue Reading...Yesterday, soon-to-be President Donald Trump showed just how ignorant politicians can be when it comes to computer security, breaches, and hacking. Referring to the Russians interfering with our recent election, the Donald said:"Once they hack if you don't catch them in the act you're not going to catch them...They have no idea if it's Russia or China or somebody. It could be somebody sitting in a bed some place."It's interesting. ...
Continue Reading...With all that's happening in the world of information security, it seems that there's never enough regulation. From to HIPAA to the state breach notification laws to PCI DSS and beyond, there are rules - and guidance - around every corner. Oddly enough the breaches keep occurring. As if what we've been told up to this point is not reasonable enough. Some people, mostly federal government bureaucrats and lawyers who ...
Continue Reading...I know it's painful to listen to our Ruler wax poetic about how great things are in America and how he's going to continue transforming society for the better...so just in case you missed last night's State of the Union and proposed initiatives, his regime wishes to "better secure" the Internet and our networks by making changes to the Computer Fraud and Abuse Act (CFAA). Here are some good reads ...
Continue Reading...2015 marks my 26th year working in IT and my 20th year focusing on information security. I'm so fortunate to work in such an amazing field and even luckier to have gained some wisdom over the years that has allowed me understand the true challenges we face with information security! As much as the vendors, researchers, and criminal hackers want us to believe it's the threats that cause all the ...
Continue Reading...The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...
Continue Reading...PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter.I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 now ...
Continue Reading...I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...
Continue Reading...I just got off of phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.But it can work - if ...
Continue Reading...ISACA and TechTarget are putting it on...It starts tomorrow (Wednesday) morning at 7:45am ET.Several thousand people will be in attendance...it's the largest crowd I've ever spoken to.It'll be engaging. It'll be informative. You'll hear what I really think about Obama's Cybersecurity mandates. You can't miss it.I'll be kicking things off with the keynote...then I'll be followed by some true information security experts:Theresa M. Grafenstine, Inspector General U.S. House of RepresentativesDr. ...
Continue Reading...