From the Spring 2021 Issue

How Much is Too Much When Paying Out a Reward for a Vulnerability?

Author(s):

Alex Haynes, CISO, Cheshire Datasystems Ltd.

There has been a lot of publicity surrounding ‘bug bounty’ programs that pay out seemingly large rewards for finding vulnerabilities in web applications. This trend has increased over the years as crowdsourced security programs have matured since their inception almost 10 years ago and their adoption has become mainstream. Should we pay out large sums …

From the Spring 2021 Issue

Human Psychology Toward Cybersecurity Can Build Value as a Business Enabler

Author(s):

Glenn Axelrod, M.Sc. IT, CISA, CEO, HKA Technology Solutions, L.L.C.

Cybersecurity human engagement is not always apparent. Attack victims are particularly vulnerable; therefore, cybercriminals utilize pre-defined destructive motivations. Nevertheless, users worldwide continue to hand over confidential information unintentionally, or merely because of curiosity. Cyber adversary actions are usually the subject of research (i.e., what we do and what we could have done to prevent the …

From the Spring 2021 Issue

Five Best Practices for Cloud Security

Author(s):

Alex Jones, Information Security Manager, Cobalt.io

Companies of all sizes are rapidly moving to cloud-based technology to enable a remote workforce and support critical business functions in the challenging pandemic environment. While the expansion of cloud services has exponentially accelerated through COVID-19, the truth is they have been growing rapidly even before the pandemic. These shifts increase companies’ attack surface and …

From the Spring 2021 Issue

Cybersecurity: The Danger of Comfort Zones

Author(s):

Dr. Rebecca Wynn, Global CISO & Chief Privacy Officer, Author

The biggest danger of any organization is comfort zones. These comfort zones are seen in silos and in the culture of “we have always done things this way.” Cybersecurity, compliance, privacy, governance, and IT departments are no exception to having this danger. The emergence of new devices and software products designed to unite employees has …

From the Spring 2021 Issue

Telemedicine is Not Going Anywhere – Where’s the Security Infrastructure to Back It Up?

Author(s):

Asaf Ashkenazi, Chief Operating Officer, Verimatrix

In the wake of 2020’s world-shaking events, traditional workflows were completely disrupted, accelerating digital transformation at a rapid pace. Telemedicine, a virtual replacement for in-person doctor visits via video or other technological methods, started gaining significant traction in recent years, reaching an all-time high due to COVID-19. Patients have now turned to telemedicine in …

From the Spring 2021 Issue

Recovering from Catastrophic Data Loss

Author(s):

Roland Airey, Senior Consultant, Kenneally Technology Services

Now, almost all parts of our business life are digital! Spreadsheets, pictures, accounting files and videos are all particularly important files maintained by your company or organization. There is a possibility at some point data was stolen from you by a computer hack or perhaps files were deleted by a disgruntled employee. No matter the …

From the Winter 2021 Issue

What’s Wrong with Our Industry? Business Survival and Network Security in Times of Crisis

Author(s):

Jack Koons, Author, Lecturer

Hard Truths Members of the cybersecurity industry need to face a few hard truths: The perimeter as we know it is rapidly dissolving. Your data must now traverse known and unknown (i.e., untrusted) infrastructure and operate on devices no longer considered “corporate”. Identity is the new perimeter – no longer constrained by static routing tables …

From the Winter 2021 Issue

Ransomware: The King of Evolution

Author(s):

Dr. Jason Edwards, Cybersecurity Strategy Principal, USAA

Griffin Weaver, Senior Legal Counsel, Dell Technologies

The concept of ransomware is not new – not even for this century. Rather, it’s an old crime that has evolved with the advent of the computer age and the need to conduct business online. Ransom crimes (i.e. holding something of value hostage) have been around for thousands of years. But now, with the introduction …

From the Fall 2020 Issue

Incident Response: Making the Most of the Work Product Doctrine in Litigation

Author(s):

Razvan Miutescu, Privacy Counsel, Whiteford, Taylor & Preston

(This article is an updated version of a prior publication to reflect new legal developments.) Organizations in the United States face a growing web of complex foreign, federal, and state privacy and data protection laws that apply to their operations. Running afoul of these laws, particularly in the context of a data breach, is met …

From the Fall 2020 Issue

Data Correlation for National Resilience

Author(s):

Dr. Scott Jasper, Captain, U.S. Navy, Retired, Naval Postgraduate School

A pillar of the March 2020 Cyberspace Solarium Commission report is to promote national resilience to deny adversaries the benefit of their cyber operations.[1] This ambition is consistent with the Department of Homeland Security’s vision to increase security and resilience across government networks and critical infrastructure.[2] While the term security means the capacity to prevent …