Privacy: Do Customers Deserve an Independent Audit Report?

Electronics are becoming a commodity – there’s not much profit from selling cell phones or laptops anymore (unless you’re Apple). So most companies are moving away from investing in hardware as their core business and shifting towards services. Services come in many shapes and sizes, but usually include consulting services, applications, or analyzing and selling customer data. Customer[…]

Deploying a HIPAA Compliant Encryption Policy

HIPAA, or the Health Insurance Portability and Accountability Act, presents a fairly robust set of standards and rules that any organization within the United States handling PHI (Personal Health Information) is compelled by law to address. On the surface, many of HIPAA’s rules appear straightforward, but as I quickly learned while performing a recent[…]

Items of Interest Week of 7/20/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. Hacked: Drones could be the malware delivery system of the future Threat Post: Car hacking gets the attention of Detroit and Washington Krebs on Security: Online Cheating Site Ashley Madison Hacked Business Insider:[…]

Items of Interest Week of 7/13/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. MIT: “CSAIL report: Giving government special access to data poses major security risks” Georgia Tech: “GT Professor testifies before U.S. senators about the balance of privacy & public safety.” Al[…]

Personal Cybersecurity Safeguard Checklist (Whitepaper)

In a world where society increasingly relies on information technology and the internet to pay our bills, secure credit, and pursue education endeavors and our careers, it has become more important than ever to educate ourselves on the risks associated with using information technology and take proactive measures in protecting our identity, personal information, electronic[…]

Data in Transit- Bridging the Gap between Data Owners and Custodians

Ensuring both the integrity and confidentiality of data as it traverses an organization’s internal network and beyond can be complex, especially when attempting to bridge the gap between the Data Owner and Data Custodian, who typically view the organization from very different angles. This presents the IT auditor with a great opportunity to act as[…]

The 50 Most Used Passwords!

Last week I helped a few friends with setting up a new website for their business and their associated email accounts for the domain. At one point in the process, one of them told me the password they wanted to use to access the site. Not shockingly, it was something rudimentary and simple. Despite more[…]

Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones.[…]

The Next Big Security Concern: The Internet of things and harvesting your private conversations

People often ask what “the next big thing” in IT security will be. In years past we’ve seen the rise of “big data”, “the cloud”, “cybersecurity”, and so on – but what’s next? I personally think one of the biggest unsolved problems in tech is the security of the “internet of things”. The “internet of things”[…]

How to Fix the Lenovo Superfish Security Hole

By now, everyone who works in the realm of IT Security has heard of the Lenovo Superfish fiasco. Today, I’m going to give a moderately technical overview of Self-Signed Root Certificates and how Superfish exploited them. After this post, each of you can check the Root Certificates installed on your systems and take action against anything[…]