News

  • HeathRenfrow

FDA and the Medical Device Security Action Plan
FDA and the Medical Device Security Action Plan 2160 1440 HeathRenfrow
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA Since 2013, cyber professionals have been warning about the cyber risk and exposure healthcare organizations face from cyber-attacks on medical devices and software. As a result of these concerns the Health and Human Services (HHS) extended security and privacy rules to business associates, and the Federal Drug Administration [...]read more
  • JustinSilbert

Looking Through the Different Filters of the CISO and the Board
Looking Through the Different Filters of the CISO and the Board 450 270 JustinSilbert
By Justin Silbert. Perhaps the most misunderstood challenge of the modern day CISO continues to be communication with the Board of Directors.  The task seems simple, but there is major disconnect between the CISO and the Board. According to the Cyentia Institute’s 2017 Cyber Balance Sheet report, “even basic questions on the value of cybersecurity [...]read more
  • RobBeason

Learning Through Gaming, Red vs. Blue
Learning Through Gaming, Red vs. Blue 1179 666 RobBeason
By: Rob Beason, CISSP, GSLC, Security+ At the Houston Security Conference, 2018; fellow LEOs Clint Bodungen and Kevin Lackey put on a red versus blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security conscious on the topics of basic attack methodologies and the [...]read more
  • JustinSilbert

The Virtual Future of the CISO
The Virtual Future of the CISO 2160 1440 JustinSilbert
By Justin Silbert, GCIH, GCFE, CISSP. Just last week, the city of Atlanta became known as the latest victim of cyber crime, a ransomware attack crippling the city for 5 days. As admitted by the Atlanta Mayor, cyber security was not made a priority and they suffered greatly because of it. And Atlanta is not [...]read more
  • KevinLackey

IT/OT Convergence – a Hacker’s view
IT/OT Convergence – a Hacker’s view 1280 480 KevinLackey
By Kevin Lackey. It is often repeated by control systems security professionals that a primary difference between IT and OT systems is that while IT’s primary function is to process, record, and retrieve data, the primary function of OT processes is to maintain availability, keep the process running and the production occurring. This idea is [...]read more
  • SethJaffe

Securing Financial Institution Core Migration
Securing Financial Institution Core Migration 640 240 SethJaffe
By Seth Jaffe. The Credit Union Information Security Professionals Association held its yearly meeting last week in San Antonio. One of the topics that came up often was core migration, a security issue that just got a booster shot from Tuesday’s article by Brian Krebs on that very subject. One of Krebs’ colleagues received an [...]read more
  • RobBeason

Filtering Out the Noise – Product Evals Using Trello
Filtering Out the Noise – Product Evals Using Trello 150 150 RobBeason
By: Rob Beason One of the most important challenges facing all organizations is product selection. Most tools or solutions are significant investments, which no business can afford to get wrong. How do you determine if a solution is the right fit for your needs? How do you know if what you're buying is just vaporware [...]read more
  • JustinSilbert

Cracking the Enigma of Reputational Risk
Cracking the Enigma of Reputational Risk 544 419 JustinSilbert
By: Justin Silbert In reporting on the consequences of an incident, CISOs and other security professionals should be focused on the costs of the incident. Fixed costs, both direct and indirect, associated with recovery, forensic investigation, regulatory fines, customer notifications, and legal services should be addressed first. Once there is a grasp of the fixed [...]read more
  • JustinSilbert

Seven Steps to Enforce Security From the Inside Out
Seven Steps to Enforce Security From the Inside Out 840 630 JustinSilbert
By: Justin Silbert Traditional cybersecurity practitioners and almost all IT staff view their security architecture as a defense in depth strategy starting at the network perimeter. But both the threats and the environments continue to adapt every day in ways that we cannot anticipate. Today’s malware is designed to exploit zero-day vulnerabilities and continuously mutate [...]read more
  • TorryCrass

The Hidden Benefit of Security Conferences
The Hidden Benefit of Security Conferences 698 262 TorryCrass
By Torry Crass. I've been going to security conferences for a while now, a bunch of them; BlackHat, DefCon, RSA, and a smattering of BSides and various other conferences in my area. Sometimes I present, others I volunteer at, and the rest I'm simply an attendee. Conferences are a great resource in the security community [...]read more
  • SethJaffe

Proposed Data Breach Prevention and Compensation Act of 2018
Proposed Data Breach Prevention and Compensation Act of 2018 1280 480 SethJaffe
In what appears to be a direct response to last year’s Equifax Breach, Senators Elizabeth Warren and Mark Warner introduced, this week, the Data Breach Prevention and Compensation Act, directly targeting large Credit Reporting Agencies (“CRAs”) like Equifax, Experian, and TransUnion. The Act comes with quite a sting, allowing for fines of up to 75% [...]read more
  • SethJaffe

SWIFT Security Controls Framework Advisory Controls
SWIFT Security Controls Framework Advisory Controls 640 240 SethJaffe
By Seth Jaffe. Our prior article on compliance with the SWIFT Security Controls Framework focused on those controls designated mandatory by the Society for Worldwide Interbank Financial Telecommunication. But SWIFT included, in its framework, eleven advisory controls that are worth mentioning. They are: Implement confidentiality, integrity, and mutual authentication mechanisms to protect back office data [...]read more
Enter your
text here