What we Can Learn from the SolarWinds Supply Chain Breach
Did Capital One Respond Well to an “Erratic” Data Breach?
On July 19, Capital One Financial Corporation determined it had sustained a data breach of over 106 million user records due to a cyberattack by a user named “Erratic” on Twitter. The company announced the breach to the media July…
Optimizing Security Investment Through a Business Case (Part 2)
Optimizing security investment? Every organization needs at some point to determine whether a particular security investment (or expense) is justified by a business case. As discussed in Part 1 of our security business case series, even quantifying expected losses…
Security Business Case for Breach Risk Reduction (Part 1)
Security business case justification is always a complex task for two reasons. First, security earns its keep by reducing risk of losses, not by producing revenues. Second, estimating both the size of losses to security incidents, and the extent…
Complimentary Webinar: Cyber-Resilience in the Face of a Breach
Two weeks ago I stood before a conference crowd at Cyber Security World 2015 and said: “I hate the term cybersecurity.” And proceeded to give essentially the same presentation that we’ll now bring to all of you through…
Privileged Access Management Webinar Recording Available
Last week we delivered our Privileged Access Management (PAM) webinar. In this presentation we noted that because over-privileged accounts are rampant in the IT environment, PAM is a technology that most organizations should consider in the effort to prevent a…
Breach Notification and Incident Response: When and How
Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy topics pitched slightly to the Federal audience.…
Are you Ready for the Golden Shovel?
Don’t wait for a major security scare at your organization to deliver a “golden shovel.” Have your plan ready to make the most of any teachable moments as well as increases in funding.
Source: Educause Presentation
Security Architects…
FEDs 30-Day Sprint is Just the First Step off the Blocks
In the wake of the OPM hack, Federal CIO Tony Scott launched a government-wide cybersecurity Sprint on June 12, giving agencies 30 days to shore up their systems.
The audience for the sprint announcement was clearly the media.…
Questions to Ask Your Cyber-Insurance Provider
The breach problem has increased and cyber insurance is on the radar screen for many CEOs. The U.S. Congress is likely to create supportive legislation for cyber-insurance as a vehicle for improved security data sharing and a market-based solution …