Monthly Archives: February 2015

Identity Management: The Times They Are A-Changing

Published February 26, 2015 | By Dan Blum

In a very interesting article on New Tools for Modern Identity, Mark Diodati addresses new challenges with user authentication. He argues that adaptive authentication, and mobile biometric authentication are here to stay. I agree and encourage folks to… Continue reading →

Posted in Dan Blum | Tagged authentication, BYOD, BYOI, identity management, mobile security

Where Should the CISO Report in the Organization?

Published February 24, 2015 | By Dan Blum

Where the CISO should report is probably one of those questions we security professionals will be asking until the end of eternity. We’ll finesse the subject of titles for the security leader, which also vary, and just get started.

The… Continue reading →

Posted in Dan Blum | Tagged governance

A Two Factor Authentication Makeover for your Protection

Published February 23, 2015 | By Dan Blum

Cybercrime. SpyEye. Zeus. Anonymous. APT1. PRISM. Bullrun. Hackers of every sort are everywhere. As I wrote in “TrustNo One Device (Part 2)” and “Direct Memory Access (Again)” you have no assurance your device isn’t … Continue reading →

Posted in Dan Blum | Tagged authentication, cybersecurity, endpoint security, personal protection, phishing

Mitigate Common Attack Paths at the Core

Published February 20, 2015 | By Dan Blum

Last week I wrote that encryption probably wouldn’t have prevented the Anthem breach. The details of that attack haven’t been released, but I found some CSO Online’s analysis that pieces together how it may have… Continue reading →

Posted in Dan Blum | Tagged cybersecurity, governance, identity management

Security Governance 101 Webinar Recording Posted

Published February 18, 2015 | By Dan Blum

WEBINAR DESCRIPTION

Security Governance 101: Choosing Models and Structures

Even on technical consulting engagements, Security Architects Partners often finds that a security governance issue is at the root of the problem we were brought in to solve. Therefore, we’ve developed… Continue reading →

Posted in Dan Blum | Tagged governance, webinar

Encryption Probably Wouldn’t Have Prevented the Anthem Breach

Published February 14, 2015 | By Dan Blum

Anthem’s announcement of a breach to 80 million customer medical identity records in early February motivates an update to my After the Breach series and my 10-year U.S. breach table. The series is also morphing into… Continue reading →

Posted in Dan Blum | Tagged Anthem, APT, breach, encryption, privileged identity management

The Security Dog has Caught the Car: Now What?

Published February 10, 2015 | By Dan Blum

In the tug of war between business units and security, Gunnar Petersen writes: “The security VPs win, quite a lot actually. There is something about a subject that is written about in the Wall St Journal every single… Continue reading →

Posted in Dan Blum

Pressures and Pitfalls for Early Disclosure in the Wake of the Anthem Breach

Published February 6, 2015 | By Dan Blum

As the investigation continues into yesterday’s announcement of the #AnthemHack, Security Architects Partners will be monitoring to see what it portends for early breach notification. By disclosing early, Anthem broke the typical mold of companies waiting to complete a full… Continue reading →

Posted in Dan Blum | Tagged breach, cybersecurity, sharing

Three Laws of the IoT

Published February 1, 2015 | By Dan Blum

The Internet of Things (IoT) can be a mighty scary place. Whether you’re worried about privacy violations when Google Analytics meets your electric meter, malware shutting off the pacemaker or other scenarios for death through devices, there’s lots to be… Continue reading →

Posted in Dan Blum | Tagged IoT, privacy

Monthly Archives: February 2015

Subscribe to Blog Notifications... HERE