information security | paulmudgett.com

Posts tagged: information security

Lessons Not Learned – Public-Private non-communication in CyberSecurity

One of the deficiencies that came to light in the aftermath of the 9/11 terrorist attacks was the communication failure between competing intelligence agencies. A report released this past Monday from the Government Accountability Office shows that the same failure to communicate is happening in the cybersecurity arena. The breakdown in this arena is between [...]

Don’t Be a Billy

I’m getting a kick out of some fun videos put together by the fine folks at StaySafeOnline.org. Check them out and enjoy this awareness video: “Don’t be a Billy”

Wednesday August 4th, 2010 in , information security, security awareness | No Comments »

Security Professional Pipeline

The demand for a trained and educated information security workforce here in the U.S. continues to grow. Creating a pipeline of information security professionals has to start early. A national campaign to develop the next generation of “Cyber Defenders” has been happening without the fanfare or kudos that it needs. The Collegiate Cyber Defense Competition [...]

Friday June 25th, 2010 in , information security, security awareness, US Cyber Challenge | No Comments »

Cyber Risk being disclosed in SEC filings

A June 8 Bloomberg Businessweek article noted that publicly traded companies have started including the “material risk” of computer attacks in their SEC filings. It’s interesting to see the admission of some major companies that the threat of targeted attacks can impact the bottom line. In what will undoubtedly become the trend in risk reporting [...]

Tuesday June 15th, 2010 in , data protection, information security, security vision, strategic asset | No Comments »

Evolution of Policy Management

Policies, procedures, guidelines, standards. Most organizations have these in some form or another but how the organization manages these important “documents” is quite telling. The Story Teller These organizations rely on word of mouth. People just “know” what the procedure is or what they are “supposed” to do. Just like nomadic tribes passing down their [...]

Wednesday June 2nd, 2010 in , information security, policy | No Comments »

Thousands of Businesses had an Uneventful Day

I guess that headline wouldn’t sell too many papers but in most cases this is the reality that drives many decisions related to information security investment. For most executives, the sky isn’t always falling and a security team that tries to operate under that premise is soon thought of as the Boy Who Cried Wolf. [...]

Thursday May 27th, 2010 in , data protection, information security, strategic asset | No Comments »

New CyberSecurity Coordinator points to private sector solutions

Once again I find myself liking White House Cybersecurity Coordinator Howard Schmidt’s approach even if I think his position is weakened based on placement, authority, etc. In a Bill Brenner article today on CSOonline, Schmidt points to the defense against the wide range of threats, including coordinated attacks, to be best lead from the private [...]

Wednesday April 7th, 2010 in , cyber czar, information security, National Cyber Security, security enabler, security vision | 1 Comment »

NJ Supreme Court impacts privacy expectation

The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer. NorthJersey.com article. Interesting ruling which will certainly change some thoughts as to personal use of work computers. While I’m a proponent of privacy rights, I’m torn on this particular [...]

Monday April 5th, 2010 in , data protection, disgruntled employee, endpoint security, information security, insider threat, PII | No Comments »

Fail to plan, plan to fail… incident response preparation

Consider this: A review of an application or database that processes and stores customer information, including personally identifiable information, has been compromised. What are you going to do? Many organizations fail to plan for a compromise and unfortunately, often exacerbate the damage while attempting an “on the fly” response to an incident. The absolute worst [...]

Thursday March 25th, 2010 in , data protection, incident response, information security | No Comments »

Be an Agile Defender

Anti-virus software is based on signatures of known viruses. It’s a reactive product by nature and it should be known by now that these products are ineffective against new viruses and new variants. That said, why test AV products against attacks they haven’t seen and then make a stink about it in a ComputerWorld article? [...]

Thursday March 18th, 2010 in , data protection, information security, security enabler, security scotoma, security vision | No Comments »

paulmudgett.com

Information Security & Business Leadership