ITsecurity

BCP or emergency preparedness for small business

Posted by Rob Slade on September 1, 2016

I have mentioned that I recommend people get emergency management training. I have mentioned that there are all kinds of benefits to taking emergency management training. Maybe I’m a bit of a bore, but I take every opportunity to mention that people should get emergency management training. Since I also teach and present about business […]

What do the simple folk do for security?

Posted by Rob Slade on July 28, 2016

I don’t mean to offend anybody with that title: it’s just a joke on the song from “Camelot.” But it does raise an issue. I’ve never been an uber geek. It’s been decades since I was a network maven. But I do know network basics, and something about internals, and the difference between an app […]

Risk assessments

Posted by Rob Slade on July 14, 2016

I’ve had a beard for over four decades. Last time I shaved was 35 years ago. Now I had to shave for a biopsy on my cheek. I only had to shave the cheek, really, but Gloria never has seen me without a beard, so what the heck. In reality, I don’t like either the […]

CISA: will it be good or bad for security?

Posted by Kevin on December 29, 2015

The long title for CISA is, “To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.” But not everyone thinks it actually will improve security.

Top Takeaways
- More than 73% of CISOs think CISA will be bad for security
- The most prevalent view is that it […]

Hacking Back: Should Business Have the Right?

Posted by Kevin on December 27, 2015

It is a natural law that you can meet force with force in order to defend yourself. How far should this extend into the cyberworld: should hacking back be a legal right for private business?

Top Takeaways
- CISOs will obey the rule of law and not hack back alone
- The involvement of law enforcement changes […]

Disclose: how soon after a breach should you disclose?

Posted by Kevin on December 23, 2015

The recent hack of the UK telecoms company TalkTalk highlights a vexing problem for CISOs: how quickly – and indeed to what extent – should you disclose a breach.

Top Takeaways
- CISOs are not in favor of early breach disclosure
- Incident response plans should be in place before a breach
- Talk to counsel before disclosing […]

CISO View: Blocking Tor from the Enterprise

Posted by Kevin on November 18, 2015

The Onion Router (Tor) was designed to protect privacy and anonymity on the internet. However, it is increasingly being used by criminals to protect themselves and their endeavors. Last year Kaspersky Lab noted, “the cybercriminal element is growing… We found Zeus with Tor capabilities, then we detected ChewBacca and finally we analyzed the first Tor […]

CISO View: on Enforcing Ad Blocking

Posted by Kevin on November 2, 2015

Ad blocking is in the news. On the one hand is the moral argument put forward by publishers and marketeers that advertising fuels the free internet. According to a PageFair/Adobe study $21.8bn has already been lost in advertising revenue during 2015. On the other hand is the argument that intrusive adverts spoil the internet experience and […]

Safe Harbor: Quo Vadis?

Posted by Kevin on October 26, 2015

The European Court of Justice ruling on October 6 has far-reaching implications. The court has not specifically ruled that Safe Harbor is illegal, only that it can no longer automatically be assumed to be legal. In short, any US company relying on Safe Harbor can now be challenged in court. The reality, however, is that […]

Will EMV Require New Security Controls?

Posted by Kevin on October 19, 2015

EMV (Europay, MasterCard, Visa) payment cards are coming to the US. This follows a series of huge retail breaches; although it is not entirely certain that EMV cards would make any difference to the outcome of those breaches.

- CISOs believe their defense against attack is strong
- CISOs believe that CNP fraud prevention may need to […]