2016 Cyber Risk Reports Reveal the Need for Effective Risk Assessments to Better Allocate Resources

As companies continue to shift data and resources to electronic formats, a trend growing faster year over year, information and cyber risks shift to the top of management’s priority list. This means that management must dedicate more resources – resources that don’t exist – to the management of information risk. This shortage of human resources combined with an exponentially growing[…]

I am an OPM Data Breach Victim- Next Steps

Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach. To add insult to injury, I was never actually a federal government employee. A few years ago, I consulted on a few enterprise systems migrations[…]

Differentiating Penetration Tests, Vulnerability Scans, and Risk Assessments

Penetration testing has become another hot, and often misused, term in the marketplace, joining the ranks of other buzzwords such as “Cybersecurity”, “Hacker” and “The Cloud”. Oftentimes, organizations confuse penetration testing with vulnerability scans or security posture assessments (a.k.a. risk assessments). While penetration testing does include utilizing vulnerability scans and overlaps with security[…]

Are Penetration Tests Worth the Risk?

I have had several conversations with executives recently about the role of penetration testing and whether or not penetration testing is worth the risk. There seem to be two schools of thought on this issue. One side argues that pen testing is inherently more risky than the risk it’s trying to mitigate; the other side calls[…]

Deploying a HIPAA Compliant Encryption Policy

HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handling PHI (Personal Health Information) is compelled by law to address. On the surface, many of HIPAA’s rules appear straightforward, but as I quickly learned while performing a recent[…]

Items of Interest Week of 8/3/2015

Here are some quick reads for the week of August 3, 2015. If you have interesting links of your own, share them in the comments. Brian Krebs: “Chinese VPN Service as Attack Platform?” CFO.com: “Don’t Overlook Data Security Issues In M&A Deals” The Register: “A third of workers admit they’d leak sensitive biz data for peanuts”[…]

Cybersecurity Controls for the Manufacturing Environment

The endless barrage of cybersecurity attacks and data breaches in recent history is cause for concern for every company in every industry, including manufacturers. Perhaps especially manufacturers – since manufacturing may be the only industry where a cyber-attack may result in explosions or even car crashes. For example, in 2014 attackers disrupted the plant control systems in[…]

Lessons Learned from a Cybersecurity Review

The past week presented me with a neat opportunity. I was asked to assess a so-called “Cybersecurity” plan of action for a small organization which has a strong internet presence but little internal expertise in the way of IT operations and security. When I was initially approached about my expertise on cybersecurity and willingness[…]

Managing User Access in the Manufacturing Environment

Managing user access in the manufacturing environment, especially at the plant level, is tricky. Unique machinery and production requirements call for specific skills and infrastructure that may not be supported centrally by corporate managers. This means that many plants must operate as independent sub-businesses within a larger corporation. Thus, governance and control of critical plant infrastructure and machinery is[…]

Items of Interest Week of 7/13/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. MIT: “CSAIL report: Giving government special access to data poses major security risks” Georgia Tech: “GT Professor testifies before U.S. senators about the balance of privacy & public safety.” Al[…]