From the Fall 2018 Issue

Managing Insider Risk in the Perimeter-Less Workplace

Author(s):

Shawn M. Thompson, Founder and President, Insider Threat Management Group, LLC

The corporate workplace is rapidly changing. Traditional norms of working at a physical location are becoming obsolete and working remotely is the new norm. A recent study suggests that more than 40 percent of Americans telecommute part-time and some industries (finance, software, management) now have as much as 38 percent of their staff working remotely … Read more

From the Fall 2018 Issue

Cyber Warfare: Are We at DEFCON 1?

Author(s):

Tyler Cohen Wood, Executive Director Cyber Workforce Training, CyberVista

The days where war only exists on the battlefield are long gone. Today some of the greatest risks we face are in cyberspace, carried out by nation-state sponsored attackers. What are the threats to individuals, businesses, and our country? Just how realistic are they? How can we ensure we are armed with the knowledge to … Read more

From the Fall 2018 Issue

Cybersecurity Incident Response Planning

Author(s):

Dr. Michael C. Redmond, EFPR Group

A Cybersecurity Incident Response Plan (CIRP) is a crucial consideration for today’s information technology leadership. Attacks are rising in both frequency and severity. The impact is often severe; organizations are disrupted with resulting downtime losses. Although preventative measures can be taken, not all incidents are stopped. Effective incident response capabilities are necessary to rapidly detect and … Read more

From the Fall 2018 Issue

Small Business Strategies for Protecting Computer Credentials

Author(s):

Eric Hipkins, Founder and Chief Executive Officer, R9B

Small businesses are rapidly becoming a prime target for malicious actors. The 2018 Verizon Data Breach Investigations Report (DBIR) estimated 58% of all breaches in 2017 took place within small businesses.1 For some perspective, the 2016 DBIR mentioned small businesses only in passing and the 2017 version pointed to small businesses as making up more … Read more

From the Fall 2018 Issue

The Industrialization of Cybersecurity Red and Blue Teaming

Author(s):

Brian Contos, CISO & VP Technology Innovation, Verodin

The industrial revolution was brought on by purpose-built machinery and automation. A similar revolution has occurred in cybersecurity, leading to the industrialization of red and blue teaming. In large part, this industrialization has been realized through security instrumentation platforms (SIP). Security Instrumentation Platforms: SIPs validate that a security system is working as needed: providing foundational … Read more

From the Fall 2018 Issue

Data Classification That Honors Business Value, Part 2

Author(s):

Bill Bonney, CISO Desk Reference Guide, CISO DRG Venture

Why Is Data Valuation Important? In an excellent article in the MIS Sloan Management Review1, the authors cite three reasons why data valuation is important – to guide decisions around 1) direct monetization, 2) internal investments, and 3) mergers and acquisitions. As noted in a previous article in this series2, there is a fourth reason … Read more

From the Fall 2018 Issue

40% Of Breaches are Related to Credit Card Data: Is Payment Software Secure?

Author(s):

Kelvin O. Medina, Principal Security Consultant, Trustwave

Forty percent of the data breaches for 2017 were reported as involving credit card data, according to the 2018 Trustwave Global Security Report.1 The data breaches analyzed used attacks such as phishing/social engineering, malicious insiders, and misconfigurations. This is illustrated below in Figure 1: Methods of Compromise2. Those numbers likely do not include hundreds of … Read more

From the Fall 2018 Issue

Zero Days and Zero Trust: Microsegmentation and Security in a World of Many

Author(s):

Jack Koons, Chief Cybersecurity Strategist, Unisys Corp

In a world where the business model is racing to connect everything, security is failing to keep pace. This sets up a dynamic tension within the organization between the network/infrastructure teams and the security teams. We are placing the current crop of CIO, CISO, and CTOs in an almost untenable position, and levying unrealistic requirements … Read more

From the Fall 2018 Issue

The Paradox of Infosec and the Dropping of a Socket

Author(s):

Gina Yacone, Director of Sales, Braintrace

On Sept. 19, 1980, near the small town of Damascus, Arkansas, someone dropped a socket, and it caused a breach. In terms of breaches, it was nuclear! Paradoxical as it may seem, the story of the 1980’s Damascus Titan II explosion showcases how a simple error parallels that of a significant breach of a company’s … Read more