News

SethJaffe
January 9, 2018

Why Your Incident Response Plan Needs Rules

Why Your Incident Response Plan Needs Rules https://leocybersecurity.com/wp-content/uploads/2019/03/787-Dreamliner-4-1280.jpg 1200 450 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g January 9, 2018 March 12, 2019

By Seth Jaffe. Over the holidays, we dusted off some board games for a little family fun. One of the things that struck me was the frequency with which players consulted the game rules. The more complicated the game, of course, the more folks scoured the rule guide. This got me thinking about incident response, [...]read more

SethJaffe
January 8, 2018

SWIFT Security Controls Framework Goes into Effect

SWIFT Security Controls Framework Goes into Effect https://leocybersecurity.com/wp-content/uploads/2019/03/safe-913452_1920-blue.jpg 1920 720 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g January 8, 2018 March 12, 2019

By Seth Jaffe. For banks and financial institutions using the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) network, the new year brought a requirement to self-attest compliance against new mandatory and, optionally, advisory controls promulgated by SWIFT through its Customer Security Controls Framework. Security professionals will recognize these controls as generally standard in the industry, [...]read more

JustinSilbert
December 12, 2017

Risk Assessments Should Build Credibility, Not Destroy It

Risk Assessments Should Build Credibility, Not Destroy It https://leocybersecurity.com/wp-content/uploads/2019/03/hacking-2077124_640-sm.jpg 640 240 JustinSilbert JustinSilbert https://secure.gravatar.com/avatar/?s=96&d=mm&r=g December 12, 2017 March 12, 2019

By: Justin Silbert There are many different types of risk assessments. Some organizations adhere to an industry standard such as Risk Management Framework (RMF), COBIT, or ISO. Other organizations perform a penetration test, fix their holes (or not), and then assume they are secure. Few assessments, however, achieve the stated purpose, to convey risk information [...]read more

SethJaffe
October 3, 2017

NASA’s Flight Director – Why Your Incident Response Team Should Have One

NASA’s Flight Director – Why Your Incident Response Team Should Have One https://leocybersecurity.com/wp-content/uploads/2019/03/Apollo13-640.jpg 640 240 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g October 3, 2017 March 12, 2019

By Seth Jaffe. CNN’s Danielle Wiener-Bronner penned an article recently chronicling Equifax’s data breach missteps. One statement in particular caught my attention as being sage wisdom, and worth fleshing out: “Too many decision makers yield a slow response, which results in negative attention.” The importance of an empowered incident response director cannot be understated. Consistent with our theme on incident [...]read more

SethJaffe
September 27, 2017

The Importance of an Executable Incident Response Plan, and How NASA Can Help

The Importance of an Executable Incident Response Plan, and How NASA Can Help https://leocybersecurity.com/wp-content/uploads/2019/03/ISS_Flight_Control_Room_2006.jpg 2560 1700 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g September 27, 2017 March 12, 2019

By Seth Jaffe. Brian Harrell had a good piece this week on improving cybersecurity governance in the boardroom, a topic that we routinely blog about in our Cyber Governance Corner Series. So why am I mentioning a governance article in the Incident Response Series? Because Brian opines, in his article, that “[c]ompliance is a regulatory minimum that one must [...]read more

SethJaffe
September 17, 2017

The Evolutional Leap from a Basic Incident Response Plan to an Executable Incident Response Program

The Evolutional Leap from a Basic Incident Response Plan to an Executable Incident Response Program https://leocybersecurity.com/wp-content/uploads/2019/03/time-3216252_1280.jpg 1280 512 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g September 17, 2017 March 12, 2019

By Seth Jaffe. In the wake of the Equifax data breach, the time is right to revisit incident response. Dozens of authorities recommend incident response plans (you may have seen lists on my twitter feed or LinkedIn posts), but what does it really mean to have an incident response plan? Is it simply to check [...]read more

SethJaffe
September 12, 2017

Board of Director’s Obligations to Understand Cyber Risk

Board of Director’s Obligations to Understand Cyber Risk https://leocybersecurity.com/wp-content/uploads/2019/03/IMG_6546.jpg 1024 683 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g September 12, 2017 March 12, 2019

By Seth Jaffe for the Cyber Governance Corner. It is no secret that, as an industry, information security suffers from a worker shortage. The Center for Cyber Safety and Education’s 2017 Global Information Security Workforce Study concluded that the most common reason is a lack of qualified personnel. But the next most common reason is [...]read more

SethJaffe
September 5, 2017

Emergency Response after Harvey

Emergency Response after Harvey https://leocybersecurity.com/wp-content/uploads/2019/03/hurricane-1049612_640-sm.jpg 640 240 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g September 5, 2017 March 12, 2019

By Seth Jaffe. In the wake of Harvey here in Houston, I took a few minutes to pull up FEMA’s Emergency Management Guide to see how it compares with #incidentresponse. Originally penned in 1993, the Guide offers a number of lessons for the average cyber incident response plan. For example, it begins with review of [...]read more

JustinSilbert
August 29, 2017

Hiring the Wrong Leader Could Sabotage your Cybersecurity Program

Hiring the Wrong Leader Could Sabotage your Cybersecurity Program https://leocybersecurity.com/wp-content/uploads/2019/03/binary-1327493_640-sm.jpg 640 240 JustinSilbert JustinSilbert https://secure.gravatar.com/avatar/?s=96&d=mm&r=g August 29, 2017 March 12, 2019

By Justin Silbert. Hiring for cybersecurity positions may seem the same as any other profession. Create job description, solicit resumes, interview, and hire the best candidate. But too often, the wrong person is placed into a critical leadership position of securing the organization. The most critical problem is the inability of managers to assess cybersecurity [...]read more

SethJaffe
August 28, 2017

Transition Period Ends for the NY State Cyber Security Law

Transition Period Ends for the NY State Cyber Security Law https://leocybersecurity.com/wp-content/uploads/2019/03/security-265130_640.jpg 640 426 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g August 28, 2017 March 12, 2019

By Seth Jaffe. Today ends the 180-day transition period under New York’s Cyber Security Regulation 23 NYCRR Part 500. Covered entities are expected to be in compliance with roughly seven of the sixteen discrete sections.[1] By August 28, 2017 covered entities must meet the following: Cyber Security Program (§500.02): maintain a cyber security program [...]read more

SethJaffe
August 21, 2017

Director Duties Related to Cyber Security

Director Duties Related to Cyber Security https://leocybersecurity.com/wp-content/uploads/2019/03/hacker-2371490_1920-sm.jpg 640 240 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g August 21, 2017 March 12, 2019

By Seth Jaffe. There is an interesting infographic circulating social media this summer from David McCandless over at Information is Beautiful. It distills the largest data breaches into floating graphic bubbles, represented by the size of the breach. This type of imagery, while interesting for those of us in cyber security, must be moderately terrifying [...]read more

SethJaffe
August 8, 2017

Cyber Governance Corner – Overview

Cyber Governance Corner – Overview https://leocybersecurity.com/wp-content/uploads/2017/08/ball-457334_640-sm.jpg 640 240 SethJaffe SethJaffe https://secure.gravatar.com/avatar/5731a065bf46320dc834ac5e4f23bc60?s=96&d=mm&r=g August 8, 2017 March 12, 2019

By Seth Jaffe. Gone are the days where data protection was left solely to the IT department. Today, cyber risk is constantly on the minds of corporate leadership, and it is a board-level responsibility. In this on-going, multi-part series, we will review director obligations related to cyber security risk management, methods to mitigate that risk, [...]read more