NIST Cybersecurity Framework Turns 5

If you are a small business owner or even the manager of a bigger enterprise, the NIST Cybersecurity Framework can help you create a cybersecurity program that works.  The framework is voluntary, which means you can pick and choose the parts that work best for your organization.

When developing your program, starting with NIST can make the process simpler.  You ...


Top Jobs In Cybersecurity Pay Six Figures

Are you working in information technology, but your career has gone stagnant or your work has become boring and repetitive?  Are you graduating from high school and considering career paths?  Are you in college earning a “computer science” degree and wondering if you will be writing code your whole life?  Maybe you should consider a career in cybersecurity.

I was interested in security ...


EMV Cards Not Preventing Card Data Theft

The implementation of EMV (Europay, Mastercard, Visa) or “chip” cards has not reduced the instances of credit card theft in the US.  The reason:  WE ARE DOING IT WRONG!!  I have been writing about the late implementation of EMV for years, and complaining about the “chip and sign” method we are using in the United States, vs. the much more secure “chip and PIN” method used in Europe, where they ...


Security Policies That Respect Users

Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users).  Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users.  Sometimes we allow our ...


Data Breach – What To Do Next

Your IT manager comes to you with a look on his or her face that is a combination of panic, shock, and depression.  “We’ve been breached, and it looks like they got into the customer database, but I’m not sure how long they’ve been on our network, and what else they might have done.”  Do you know what you need to do next?

In previous articles we have covered ...


Is Your Vendor a Security Risk? A Look at Vendor Risk Management

What if the biggest security risk your company faced was from an employee at a trusted vendor company?  Third-party risk management, or vendor risk management, is an emerging cybersecurity practice that larger companies are using to mitigate the risk that smaller, network-connected third-party and vendor companies can represent.

The classic example of the dangers a vendor can bring to another company ...


Do You Accept Credit Cards? How Credit Card Breaches Happen

If your business accepts credit cards for payment, then you are subject to the regulations of the Payment Card Industry.  This is known as PCI-DSS Compliance.  PCI compliance company Security Metrics recently released an infographic that shows the main compliance failures that lead to credit card breaches in 2017.  Here are some of the startling take-aways:

  • Businesses that took credit cards ...

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Top 9 Free Phishing Simulators

Looking to run a phishing attack against your team?  Here’s an article from Infosec Institute on the top 9 free phishing simulation products.


Your Nigerian Prince is a 67 year old from Louisiana

Sure looks like a prince to me.  Like Prince Charles.  (Those ...


NIST Warns Against Lack of Security in Critical Infrastructure

NIST (National Institute of Standards and Technology) released Special Publication 800-53 version 4 recently, and it covers the shortcomings in privacy and security in the national power grid, water control systems, dams, oil and gas utilities and similar computer-controlled systems.  There are no coherent or enforceable standards for Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that ...
