Posted in best practices CSO deep thoughts hacks risk systemic risk

So your third party has been breached…

Another day, another third party security compromise story… this time it is Indian outsourcing giant Wipro. The firm has confirmed…

Posted in cloud computing CSO online security

Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did….

Posted in cloud computing CSO online security

Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing…

Posted in best practices CSO hacks online security

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other…

Posted in CSO insider threat law privacy

Malicious data leaks and corporate liability – a tale of two countries

Databreaches.net had a link to a very interesting article about corporate liability for an employee’s malicious leaking of employee information. …

Posted in authentication CSO online security worst practices

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two…

Posted in best practices CSO malware useful stuff

Great DerbyCon talk on hunting for the bad guys

It sometimes seems to me that a lack of data is not the issue when patrolling your networks for signs…

Posted in best practices CSO deep thoughts

The Practitioner’s Perspective on Cybersecurity – June 2015

On June 16th, 2015, I was privileged to participate in a panel entitled “The Practitioner’s Perspective on Cybersecurity” at the SmartBrief…

Posted in CSO deep thoughts

What should InfoSec people be doing?

Every once in a while, I like to take a step back and look at just what it is that…

Posted in best practices CSO deep thoughts malware online security social engineering

no, it’s not the end user’s fault

According to a survey released by endpoint security solution vendor Bromium, 79 percent of surveyed information security professionals view end…