2018 Cyber Resolutions for the CEO

Posted in Governance, Risk Management and Compliance (GRC), Proactive Defense

The new year is upon us, which means that you’ve hopefully gotten your fill of family, good food, and nostalgic playlists. It also means that the inevitable resolutions are also here. Since many of you will be busy with other priorities, I’ve put a quick list together of cybersecurity resolutions for CEOs and Founders. Committing […]

I WANNACRY: When will the world start to listen to cybersecurity experts?

Posted in Governance, Risk Management and Compliance (GRC), Proactive Defense

In the early 90’s, when the consumer “World Wide Web” as it exists today was just getting started, it was apparent to many that we would soon be facing some serious security issues. The original Internet was built on trust: trust between universities and research institutes and the security-through-obscurity which came with being the only […]

Interpreting the New York State Cybersecurity Regulations

Posted in Governance, Risk Management and Compliance (GRC)

New York State has led the nation in releasing its 23 NYCRR 500 cybersecurity regulation for financial institutions. This article is aimed mostly at those institutions, to give them guidance around what can be expected of them around this regulation, but its adoption has consequences for all states as it’s likely this will be expanded nationally […]

Virtual CISO Services – Virtual CISO-as-a-Service comes of age

Posted in Governance, Risk Management and Compliance (GRC), Proactive Defense, Services

vCISO, or Chief Information Security Officer (CISO)-as-a-Service, is a concept whose time has come. CISOs are hard to come by, and good ones even more so. InfoSec professionals in general are tough to find, especially ones that can fulfill all the duties of a traditional CISO or InfoSec team: understanding business requirements, legal requirements, […]

Your Vendor is Lying to You

Posted in Education & Training, Governance, Risk Management and Compliance (GRC), Services

The Target breach illustrated just how important vetting third parties is. The hack was successful for a number of reasons (including Target’s failure to act on the attack much earlier, when it was detected), but the initial breach happened through a small vendor which had single-factor remote access to Target’s network. It’s unclear what Target’s third […]