Posts Tagged ‘Information Security’
Anatomy of a Security Breach
In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now. It is not often that we get a look at the details of a computer security breach, but in this case at least some details are in the docket of the Eastern District of…
Read MoreThe Smartest Information Security Companies
Every year, MIT Technology Review publishes its list of the 50 smartest companies. This year, two information security companies made the list, along with big-time players like Amazon, SpaceX, etc. TR doesn’t publish detailed selection criteria, but they include things like ability to dominate the chosen market and innovative use of technology. The two security…
Read MoreLong Term Beneficiaries of WannaCry
The current worldwide attack from WannaCry is going to have a lasting impact on information security. The question is: what will that be and who will benefit? In this blog post, I will take a contrarian viewpoint and suggest that it will not be beneficial to security practitioners or security businesses. I think business leaders,…
Read MoreThe Spy Who Couldn’t Spell
Occasionally a book on information security comes along that is required reading by all. The Spy Who Couldn’t Spell is one of those books. Published in 2016 and written by journalist and writer Yudhijit Bhattacharjee, it includes pretty much everything that security professionals deal with every day. The book is non-fiction, dealing with a real-life story of espionage. Here, truth…
Read MoreAlign Your Security Program With the Business
Information security used to be part of IT. That has changed recently; security now needs to be independently aligned with the business operations, not just IT operations. The PCI SSC calls this “Business as Usual” (BAU). NIST CSF talks about aligning cybersecurity requirements with business activities. I call this process information security governance and maintain…
Read MoreDon’t fall victim to BEC
Business Email Compromise (BEC) continues to be one of the most successful information security attack vectors. Criminals steal email addresses and passwords of C-level executives and then use this information to initiate fraudulent financial transfers from the executive’s employer to the criminal’s bank account. In this process the executive’s home network is also vulnerable. It…
Read More