On July 19, Capital One Financial Corporation determined it had sustained a data breach of over 106 million user records due to a cyberattack by a user named “Erratic” on Twitter. The company announced the breach to the media July… Continue reading
Optimizing security investment? Every organization needs at some point to determine whether a particular security investment (or expense) is justified by a business case. As discussed in Part 1 of our security business case series, even quantifying expected losses… Continue reading
Security business case justification is always a complex task for two reasons. First, security earns its keep by reducing risk of losses, not by producing revenues. Second, estimating both the size of losses to security incidents, and the extent… Continue reading
Two weeks ago I stood before a conference crowd at Cyber Security World 2015 and said: “I hate the term cybersecurity.” And proceeded to give essentially the same presentation that we’ll now bring to all of you through… Continue reading
Last week we delivered our Privileged Access Management (PAM) webinar. In this presentation we noted that because over-privileged accounts are rampant in the IT environment, PAM is a technology that most organizations should consider in the effort to prevent a… Continue reading
Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy topics pitched slightly to the Federal audience.… Continue reading
Don’t wait for a major security scare at your organization to deliver a “golden shovel.” Have your plan ready to make the most of any teachable moments as well as increases in funding.
Source: Educause Presentation
Security Architects… Continue reading
In the wake of the OPM hack, Federal CIO Tony Scott launched a government-wide cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
The audience for the sprint announcement was clearly the media.… Continue reading
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution … Continue reading