Are you working in information technology, but your career has gone stagnant or your work become boring and repetitive? Are you graduating from high school and considering career paths. Are you in college earning a “computer science” degree and wondering if you will be writing code your whole life? Maybe you should consider a career in cybersecurity.
I was interested in security ...
Continue Reading →
The implementation of EMV (Europay, Master Card, Visa) or “chip” cards have not reduced the instances of credit card theft in the US. The reason: WE ARE DOING IT WRONG!! I have been writing about the late implementation of EVM for years, and complaining about the “chip and sign” method we are using in the United States, vs. the much more secure “chip and PIN” method used in Europe, where ...
Often it seems that security policies are designed with the assumption that average computer users are ID10Ts (idiot users). Related terms such as PEBKAC (Problem Exists Between Keyboard And Chair), PICNIC (Problem In Chair, Not In Computer), IBM error (Idiot Behind Machine error) and other similar phrases illustrate the dark side of our interactions with our users. Sometimes we allow ...
Your IT manager comes to you with a look on his or her face that is a combination of panic, shock, and depression. “We’ve been breached, and it looks like they got into the customer database, but I’m not sure how long they’ve been on our network, and what else they might have done.” Do you know what you need to do next?
In previous articles we have covered Continue Reading →
What if the biggest security risk your company faced was from an employee at a trusted vendor company? Third party risk management, or vendor risk management, is an emerging cybersecurity practice that larger companies are using to mitigate the risk that smaller, network connected third party and vendor companies can represent.
The classic example of the dangers a vendor can bring to another ...
Continue Reading →
If your business accepts credit cards for payment, then your a subject to the regulations of the Payment Card Industry. This is known as PCI-DSS Compliance. PCI compliance company Security Metrics recently released an infographic that shows the main compliance failures that lead to credit card breaches in 2017. Here are some of the startling take-aways:
A quick Saturday digest of cybersecurity news articles from other sources.Looking to run a phishing attack against your team? Here’s a article from Infosec institute on the top 9 free phishing simulation products.
Your Nigerian Prince is a 67 year old from LouisianaSure looks like a prince to me. Like Prince ...
Continue Reading →
If you own or manage a small business that is part of the DOD supply chain, then you should be well on your way to completing the 130+ item compliance checklist as set out in NIST 800-171. Compliance needs to be in place by the end of 2017, only a few months away. Because I am working with a few clients that ...
NIST (National Institute for Standards and Technology) released Special Publication 800-53 version 4 recently, and it covers the shortcomings in privacy and security in the national power grid, water control systems, dams, oil and gas utilities and similar computer controlled systems. There are no coherent or enforceable standards for Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems ...
Last year we took a look at the emerging changes to password policy that were coming from NIST. The final document is out, and the changes we looked at last year have pretty much made it into the final draft.
One of the sacred cows that was skewered was the “complexity requirement.” This is the requirement to use upper and ...
Continue Reading →