Being an InfoSec Professional / Breach announcements / Cybersecurity

A recent REALLY BIG breach: reporting relationships and college degrees

We are somehow hearing about what the Equifax CISO studied in college and not about when the firm’s last pen test was.    We are hearing about how heads rolled at Equifax but not if the reporting relationship between IT and Security has been revised.  Since the interim CISO seems to be reporting to the interim … Continue reading

Breach announcements / Cybersecurity / Data Science / Privacy

When is a breach notification not a breach notification (part three)?

When it is presidential primary news.  When the “family feud” is more newsworthy than the data.  When there are no less than four parties involved who one can identify as data custodians of one kind or another. In a single sentence, the incident can be described as follows (the four data custodians are numbered in … Continue reading

Breach announcements / Cybersecurity

The hack that maybe wasn’t: Ashley Madison

In the world of on-line romance and breach notifications, the Ashley Madison hack is unique. Usually, on-line romance crimes involve fraud.  Law enforcement officials report that on-line romance fraud is under-reported because the victims are too embarrassed to admit they were duped.  They do not want to go through the humiliation of having a detective … Continue reading

Breach announcements / Cybersecurity

EVERYONE’S WHITEPAPER…ever. A how-to.

Sample (analysis follows): The cyber security threat landscape is awash in an ever changing fabric of “slings and arrows”.  It’s not just a matter of “if” script kiddies will attack the enterprise but “when” nation states.  And big, big breaches. Before the 20th century, there are only two recorded Denial of Service attacks: the burning … Continue reading

Breach announcements / Cybersecurity

When is a breach notification not a breach notification (revisited)?

When it’s a customer service announcement.   At least that’s what one in-flight internet on demand service provider claimed. So, the first thing to understand is that there is no reason to believe that customer information was actually compromised.  On the other hand, as Bruce Schneier points out in Liars and Outliers, society runs on trust … Continue reading