Do you use a financial advisor? I do, and I recommend mine to others without reservation. Part of that recommendation comes from the manner in which the account data is secured, which provides me more than a modicum of assurance that the folks managing my money are not asleep at the switch when it comes to protecting my identity (and …
BYOD: Users are a nightmare without policies
Over the course of the past several years business leaders have evaluated and implemented the bring-your-own-device (BYOD) movement as a cost-effective methodology to preserve or reduce information technology (IT) operating expenses. In the quest to reduce these operational expenses, one might overlook the need to have a robust BYOD policy. A policy of this order addresses not only the technological …
MSU data breach: Database with 400,000 records accessed
Michigan State University (MSU) has confirmed that on Nov. 13 an unauthorized party gained access to an MSU server containing certain sensitive data which included the personal identifying information of 400,000 individuals. The MSU data breach, characterized by the MSU President Lou Anna K. Simon as a “criminal act in which unauthorized users gained access to our computer and data systems”. …
Reliability disrupted when your data isn’t stolen, it’s changed
Competitors and nation states have long known that to disrupt your competition is often all that is necessary in order to garner a competitive advantage. It is for this reason that all information security (infosec) practitioners have long understood the importance of the three status indicators of the network infrastructure and data/services within: Reliability, Availability and Serviceability …
Your IT Security Teams Enable Business
Having an IT security team is an imperative for all companies, not just those in the enterprise space. This dedicated set of eyes is essential for small- to medium-size businesses (SMBs). It is imperative that security team members have a clear understanding of their role as a support to the organization and that their success be measured by the business …
Cyber Security Event Denial: If I don’t report it, did it really happen?
“If a tree falls in the forest and no one is there to hear it, does it make a sound?” The technological equivalent of this query within cyber security exists, unfortunately: “If a compromise occurs and no one reports it, did it really happen?” The answer in both instances is, “of course.” Yet the recent survey of 200 security professionals …
Data Breach – Horizon Blue Cross – two data breaches in five years
Looking for information about the 2016 mis-mailing of EOB’s to Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) members? Read-> Data Breaches Again at Horizon BCBSNJ Horizon Blue Cross Blue Shield of New Jersey – Two data breaches in five years. [Updated 18 December 2013*] Earlier this week 839,711 members of Horizon Blue Cross Blue Shield of New …
Secrets Stolen, Fortunes Lost
Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century (Syngress 2008 – by Christopher Burgess and Richard Power) The threats of economic espionage and intellectual property (IP) theft are global, stealthy, insidious, and increasingly common. According to the U.S. Commerce Department, IP theft is estimated to top $250 billion annually and also costs the …
Security – Who is responsible?
Do you view your security posture in the office as more or less important in comparison to your residence? And how does that compare to the personal security profile that you exercise for you and your family? Who should be shouldering the security responsibility? I posit — you are responsible. And I would add that you also need to hold …
Passwords – Creation & Usage – Online Safety & Security
Do you use a password? The evolution of online crime is as much about your password strength as it is about your password usage. If you use your strong password for shopping site A and then reuse the password for shopping sites B, C, D, E, F then you are basically saying to yourself – “I trust each of these sites to have the same robust level of security”
Do You Know Where Your Data Is?
The following appeared in the Canadian online magazine Security Matters: Location Based Services: Do you know where your data is? Do you know where your data is? By Christopher Burgess Everywhere you look, retailers and other entities are offering to collect your data using one of the many location-based services available to collate your whereabouts and analyze your behavior. Are …
Social Media and Cyber Security (Talk2Cisco)
In October, I had the pleasure of being the guest on Talk2Cisco to discuss social media and cyber security. Here is the write-up and recap of the event: Talk2Cisco. I took a moment and watched the video, and thought, this is something beneficial to small, medium and large businesses. I also think the individual will garner value from …
Crimeware – a book review by Christopher
Five stars to Jakobsson & Ramzan for a most useful guide to understanding the underbelly of the internet. The strength exhibited by this book lies within the all-star lineup of contributors and the thorough dissection of the numerous forms of crimeware. Their book is a must read for anyone who has responsibility or an interest in protecting Personal Identifying Information (PII), Private Consumer Information (PCI) or Intellectual Property (IP).
Security Monitoring – a book review by Christopher
The guide is a professional guide, with exemplars which can be used in a sandbox, or to assist you in noodling through specific infrastructure monitoring issues – such as “tuning” so the incident logs tell you the story, and don’t drown you in event data. This book should be in every incident response team’s professional library.
2008 – Presentations by Christopher Burgess
In 2008, the publication of Secrets Stolen, Fortunes Lost proved to be the entree to a great many speaking engagements. Once again, I was invited to NATO’s information assurance conference, and to the AFIO annual intelligence symposium. All in all, 2008 saw a diverse and exciting schedule of events, all of which served to continue to increase the awareness of …
2007 – Presentations by Christopher Burgess
In 2007 I learned much about the concept of “Thought Leadership” and was pleased to have been invited by both public and private entities to speak to their organizations and personnel. Visiting Purdue University, Massachusetts for the E-Government Summit, and NATO for their Information Assurance conference, and supporting the HTCIA, ASIS, WRG and AGMA and getting to meet their constituents. I thoroughly enjoyed visiting the many …