Breach announcements / Cybersecurity

When is a breach notification not a breach notification?

In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack. It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical …

Being an InfoSec Professional / Cybersecurity

Why isn’t this blog more technical

I am getting a fair number of questions (which is blogger speak for the more introspective “I keep asking myself”): why isn’t this blog more technical? Why aren’t I persistently advancing threads about advanced persistent threats? Am I intentionally filtering out packet filter discussions? (note to self: do not turn into cyber security’s answer to …

Being an InfoSec Professional / Cybersecurity

The Winter of our discontent

Can information security professionals be satisfied? Ever? Yes. But should they be? Ever wonder if Advanced Persistent Threats came into the world in part because the information security profession became more and more predictable? Or worse: commoditized, as I will discuss below. Lately, as corporate web sites from multiple industries on virtually every continent are …

Being an InfoSec Professional

Cyber Security professionals need to help stop cyberbullying

Protecting data confidentiality, integrity and availability is not enough. We also must promote the ethical use of cyber space. And that starts by making sure it is not a place where anyone, especially children, can be harmed and exploited. An organization in Ireland does a great job of promoting this important effort: http://www.stopcyberbullies.ie/

Breach announcements / Cybersecurity / Links

Honest, Mom, lots of kids failed that test

The media are certainly becoming more sophisticated at reporting on data breaches and web site hacks. And as that happens, corporate communications departments are freer to craft ever more sophisticated messages about a breach/hack involving their organization. The new goal is to attempt to describe the organization as just the latest victim of an ongoing attack …

Being an InfoSec Professional / Cybersecurity

SWAT Teams, Power Rangers and Nerds with an edge

As you work in the Information Security field, you realize you can classify your peers into three groups. I guess the title gives away what they are. But it is true. You have the mil-intel-nation-state-attack-vector types. They think of Information Security as an extension of warfare in virtual space. They are often very strong on …