St0P Uz1ng P@ssw0rdz l1k3 th1s!

Funny story, but the guy that originally recommended password rules at NIST years ago seems to regret how far that advice traveled and was used. While it's possible people will misstate Bill Burr's current views on the subject (proving his point again), at issue is how we simple humans use…

M&A Cyber Risk

Since significant M&A due diligence activity centers on valuation both of the asset today (point in time) and as an ongoing source of positive economic activity, risk assessment has long been a foundation of transactions. The dawning realization among [some] M&A due diligence teams is that risks…

Mall Maps and Privacy Perception

You are Here

For reasons yet unexplained, I'm a fan of those maps you find in traditional shopping malls. The maps that say "You are here" and offer a bright little star to indicate your location. They do something simple and they do it simply. They provide context. I was…

Sort-of-Encrypted

Recently, the Federal Trade Commission (FTC) announced a $250,000 fine and a Consent Order with Henry Schein over misleading claims about encryption in their software. If we're honest, for the average consumer it’s not even a blip on the radar. That changes when we're talking about a child's health records. I've…

What to do with Cyber Risk?

I attended a Cyber Security presentation this morning organized by a leading insurance and benefits provider with offices in St. Louis. They brought together speakers representing brokers, wholesale as well as accounting and audit to discuss cyber security with business owners. As they build momentum around cyber-liability offerings, it’s becoming clear…

Security Assessment in Simple Terms

If you have the curiosity and time, I recommend reviewing NIST Special Publication 800-115, "Technical Guide to Information Security Testing and Assessment". In addition to being 80 pages of excitement and fun, this document provides us with rich details on testing information technology systems using a consistent approach. For the sake…

What the CEO Should Say about Cybersecurity

There are no 100% guarantees in information security. I heard it repeated last week at an industry conference. The conversation starts with back and forth stories about using technology to combat security problems. For every solution described, someone offered the reason it didn't work. Ultimately they dropped the claim that "breaches are…

3 Ways Wi-Fi can Wreck your Day

At work, home, or in public, everyone is exposed to threats while using Wi-Fi on their phones, tablets or computers. Fortunately, many Wi-Fi risks can be mitigated easily. "Open" hotspots create an immediate risk of eavesdropping with few barriers, but even secured networks in public can compromise the path between…
