Being an InfoSec Professional / Cybersecurity

The internet is not a highway, but security is like driving a car

I think it is safe to say that the internet is not an information superhighway anymore.  Maybe it was once, but now the interstates are threatening to become toll roads, the blue highways have sponsors and so many things are on the internet that if you do make a wrong turn you could literally end …

Breach announcements / Cybersecurity

EVERYONE’S WHITEPAPER…ever. A how-to.

Sample (analysis follows): The cyber security threat landscape is awash in an ever changing fabric of “slings and arrows”.  It’s not just a matter of “if” script kiddies will attack the enterprise but “when” nation states.  And big, big breaches. Before the 20th century, there are only two recorded Denial of Service attacks: the burning …

Breach announcements / Cybersecurity

When is a breach notification not a breach notification?

In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack.  It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical …

Breach announcements / Cybersecurity / Links

Honest, Mom, lots of kids failed that test

The media are certainly becoming more sophisticated at reporting on data breaches and web site hacks.   And as that happens, corporate communications departments are freer to craft ever more sophisticated messages about a breach/hack involving their organization.  The new goal is to attempt to describe the organization as just the latest victim of an on-going attack …