Poor Security & Information Sharing – A story of a breach and its aftermath in the deep south


Everyone has heard of the South Carolina Department of Revenue breach. The only thing surprising about it is . . . well, there is nothing surprising about it. Controls were inadequate, which allowed a very easy attack to succeed. What is interesting, and I predict much more of this occurring in 2013, is informal information…

Cloud Security Concept


Although this article is pitched more at cloud security myths, it makes a very good point on cloud security. Here it is discussing a point in the context of a fact scenario, but I think the point is clear. The important fact about this situation: If this organization assumed that all security responsibility lay with…

Notification timelines


As state regulators gain more experience in dealing with breaches, they are becoming more testy about notification timelines. This is the latest of several notifications whose timeliness regulators have questioned. Health Net spokesman Brad Kieffer said the company had to extract information from backup servers before determining what was missing – a process that…

Great Training & Awareness Video


While at Barclays, one of the teams I worked with had several videos made to raise employee awareness on privacy and security matters. Here is one of my favorites (you can see additional videos in the series on the right column as well). The video is less than two minutes long and humorously makes its point. Some…