TSA Failure Highlights the Importance of Audit and Assurance

Executives should love IT auditors because auditors provide something every CEO/CIO wants: a view into the operating effectiveness of their company or department. Without audit functions, a company might be wasting money and manpower, or spending a lot of time doing things that have no impact on the business. Today, a story broke that an audit[…]

The 50 Most Used Passwords!

Last week I helped a few friends with setting up a new website for their business and their associated email accounts for the domain. At one point in the process, one of them told me the password they wanted to use to access the site. Not shockingly, it was something rudimentary and simple. Despite more[…]

Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones.[…]

The Next Big Security Concern: The Internet of Things and Harvesting Your Private Conversations

People often ask what “the next big thing” in IT security will be. In years past we’ve seen the rise of “big data”, “the cloud”, “cybersecurity”, and so on – but what’s next? I personally think one of the biggest unsolved problems in tech is the security of the “internet of things”. The “internet of things”[…]

How to Fix the Lenovo Superfish Security Hole

By now, everyone who works in the realm of IT security has heard of the Lenovo Superfish fiasco. Today, I’m going to give a moderately technical overview of self-signed root certificates and how Superfish exploited them. After this post, each of you can check the root certificates installed on your systems and take action against anything[…]

The Sony Hack – Security Failures and Solutions

The news cycle is abuzz with news of the Sony hack. As I learn more, I can only shake my head in disbelief at two things: 1. the lack of understanding of basic technology concepts and the lazy attempts by the media to coherently explain how IT security and breaches actually work, and 2.[…]

Payment Tokenization: the Future of Electronic Transactions

Credit card data is notoriously susceptible to theft (Home Depot and Target). The problem stems from the use of a single set of data points to authenticate your card for payment. For example, when you visit a merchant or online retailer, a single number, expiration date and CVV (card verification code) are used again and again for all[…]

Network Security: Chinese Hackers, Google, and the NSA

It is a good idea to have a few anecdotes in your back pocket to put I.T. security and the importance of I.T. audit into context. This article by Shane Harris is a great place to start when it comes to understanding the depth and breadth of Chinese hacking and protecting your company’s and your client’s data.[…]