News

FDA and the Medical Device Security Action Plan

By Heath C. Renfrow, CISSP, C|CISO, C|EH, C|NDA. Since 2013, cyber professionals have been warning about the cyber risk and exposure healthcare organizations face from cyber-attacks on medical devices and software. As a result of these concerns, the Department of Health and Human Services (HHS) extended its security and privacy rules to business associates, and the Food and Drug Administration [...]

Looking Through the Different Filters of the CISO and the Board

By Justin Silbert. Perhaps the most misunderstood challenge of the modern-day CISO continues to be communication with the Board of Directors. The task seems simple, but there is a major disconnect between the CISO and the Board. According to the Cyentia Institute’s 2017 Cyber Balance Sheet report, “even basic questions on the value of cybersecurity [...]

Learning Through Gaming, Red vs. Blue

By Rob Beason, CISSP, GSLC, Security+. At the 2018 Houston Security Conference, fellow LEOs Clint Bodungen and Kevin Lackey put on a red-versus-blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security conscious on basic attack methodologies and the [...]

The Virtual Future of the CISO

By Justin Silbert, GCIH, GCFE, CISSP. Just last week, the city of Atlanta became known as the latest victim of cybercrime, a ransomware attack that crippled the city for five days. As the Mayor of Atlanta admitted, cybersecurity had not been made a priority, and the city suffered greatly because of it. And Atlanta is not [...]

IT/OT Convergence – a Hacker’s view

By Kevin Lackey. Control systems security professionals often repeat that a primary difference between IT and OT systems is that while IT’s primary function is to process, record, and retrieve data, the primary function of OT processes is to maintain availability: keep the process running and production occurring. This idea is [...]

Securing Financial Institution Core Migration

By Seth Jaffe. The Credit Union Information Security Professionals Association held its yearly meeting last week in San Antonio. One topic that came up often was core migration, a security issue that got a booster shot from Tuesday’s article by Brian Krebs on that very subject. One of Krebs’ colleagues received an [...]

Filtering Out the Noise – Product Evals Using Trello

By Rob Beason. One of the most important challenges facing every organization is product selection. Most tools or solutions are significant investments that no business can afford to get wrong. How do you determine whether a solution is the right fit for your needs? How do you know whether what you’re buying is just vaporware [...]

Cracking the Enigma of Reputational Risk

By Justin Silbert. In reporting on the consequences of an incident, CISOs and other security professionals should focus on the costs of the incident. Fixed costs, both direct and indirect, associated with recovery, forensic investigation, regulatory fines, customer notifications, and legal services should be addressed first. Once there is a grasp of the fixed [...]

Seven Steps to Enforce Security From the Inside Out

By Justin Silbert. Traditional cybersecurity practitioners and almost all IT staff view their security architecture as a defense-in-depth strategy starting at the network perimeter. But both the threats and the environments adapt every day in ways we cannot anticipate. Today’s malware is designed to exploit zero-day vulnerabilities and continuously mutate [...]

The Hidden Benefit of Security Conferences

By Torry Crass. I’ve been going to security conferences for a while now, a bunch of them: Black Hat, DEF CON, RSA, and a smattering of BSides and various other conferences in my area. Sometimes I present, at others I volunteer, and at the rest I’m simply an attendee. Conferences are a great resource in the security community [...]

Proposed Data Breach Prevention and Compensation Act of 2018

By Seth Jaffe. In what appears to be a direct response to last year’s Equifax breach, Senators Elizabeth Warren and Mark Warner this week introduced the Data Breach Prevention and Compensation Act, directly targeting large credit reporting agencies (“CRAs”) such as Equifax, Experian, and TransUnion. The Act comes with quite a sting, allowing for fines of up to 75% [...]

SWIFT Security Controls Framework Advisory Controls

By Seth Jaffe. Our prior article on compliance with the SWIFT Security Controls Framework focused on the controls designated mandatory by the Society for Worldwide Interbank Financial Telecommunication. But SWIFT also included in its framework eleven advisory controls that are worth mentioning. They are: implement confidentiality, integrity, and mutual authentication mechanisms to protect back office data [...]