Category: CSO

US DoJ guidance on responding to and reporting cyber incidents

When thinking about how to respond to cyber security incidents, you need to think about how your organization will engage with law enforcement – and…

Continue Reading

NIST & Microsoft partner for patching pointers

The US Government’s National Institute of Standards and Technology and 8,000,000 pound gorilla Microsoft are working together to provide industry with definitive guidance on keeping…

Continue Reading

Good security advice from down under

For many organizations, especially small businesses, the thought of starting any kind of cyber security program can seem daunting. With all of the threats out…

Continue Reading

Naming and shaming

So here’s a bit of an odd story… according to the Financial Times, the US Federal Reserve has publicly sanctioned an ex employee of a…

Continue Reading

So your third party has been breached…

Another day, another third party security compromise story… this time it is Indian outsourcing giant Wipro. The firm has confirmed that a small number of…

Continue Reading

Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did. According to a study by…

Continue Reading

Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing (an electronic trading firm) $100,000…

Continue Reading

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of…

Continue Reading

Malicious data leaks and corporate liability – a tale of two countries

Databreaches.net had a link to a very interesting article about corporate liability for an employee’s malicious leaking of employee information.  What was most striking to…

Continue Reading

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad…

Continue Reading