Blog Authors

Robert Bigman
Guest Author, Former CIA CISO
Tina Stewart
Vice President Marketing
Paul Ayers
VP EMEA
Alan Kessler
President and CEO

DEFENDERS OF DATA

Next Steps for the Cybersecurity Framework

Posted By: Robert Bigman, Former CIA CISO
16 Oct 2014
Categories: Data Security

One of our nation’s many pressing cyber security issues (that we have still made very little actual progress towards) is strengthening the collective security of our critical infrastructure Information Technology (IT) fabric. Now, I know everyone’s first response will be: “Not true, we now have a cyber security framework; an agreement between the public and private sectors regarding how to measure cyber security risk, how to discern a cyber security program’s level of influence and, most importantly, an articulation of […]

14 Oct 2014

Personal note: When I initially laid out this blog, I planned on stepping through recent revelations in the Dairy Queen breach. However, since my initial outline, Kmart was also breached. These breaches are happening at such a frequent pace, I can’t help but feel the larger story is about security flaws within the retail space. So instead of delivering yet another Dairy Queen article among the masses, I’d instead like to look at security flaws within the retail space as […]

09 Oct 2014
Categories: Data Security

It has been an incredible 15 months since the Edward Snowden affair and, yet, his name remains anchored in my many business conversations. It’s not his name, of course, but his actions that have helped coin the phrase ‘Snowden-syndrome’. And, while ‘the insider threat’ is nothing new from a data protection standpoint, the reverberations of his actions have undoubtedly transformed the security landscape as we know it. Given research we released in April of this year confirmed that only 9 […]

06 Oct 2014

Data encryption is increasingly at the forefront of American conversations around cybersecurity. In fact, Fusion’s Daniel Rivero, citing government intrusion and overreach, went so far as to call it “the second amendment battle for the digital age.” Given October is National Cyber Security Awareness Month, it only seems appropriate to explore the benefits of encryption – a strategy that helps keep businesses accountable to their customers, partners, employees and stockholders. Click to Tweet: The Long Game of Encrypt Everything […]

02 Oct 2014
Categories: Data Security

As this is the start of Cyber Security Awareness Month, I think it’s appropriate for us to think about the security characteristics of the heart of our organizations – our people. Over the last several years an increase in data breaches has forced many organizations to take a hard look at their overall security strategy and investments. Part of the challenge is determining where to sprinkle the investments made. For example, traditional anti-virus software, while still very important, is clearly […]

30 Sep 2014
Categories: Data Security

If you had to guess at the leading concerns for businesses that operate in the cloud, you’d probably rank security and compliance at the top. Anyone who’s built or managed a cloud knows how complex both can be, from meeting PCI or HIPAA regulations to keeping data out of criminal hands. And as we move further into the age of The Internet of Things and increasing mobility and app-centricity, it’s a safe bet our new security needs will only keep […]

26 Sep 2014
Categories: Cloud Computing, Cloud Security, Data Encryption, Data Security

From: Jean-Paul Bergeaux, SwishData

Federal use of cloud resources has begun to mature, and with this maturity Federal organizations have started to hone in on the best uses of private and public cloud resources for them. While private clouds have had strong adoption, with the environment more-or-less completely under the control of the agency, it is only recently that the most compelling use cases for agencies to use public cloud environments have started to become clear. The three most compelling use […]

23 Sep 2014
Categories: Data Security

You may have missed it unless you are interested in digital certifications and SSL, but the problem of SHA-1 certificate deprecation is something that we’re all going to have to pay some attention to. Here’s what you need to know.

The Problem

Modern CPUs and computing environments are becoming so powerful that older security protocols are starting to be vulnerable to “brute force” attack methods that allow them to be broken. This is what is happening with the SHA-1 hash […]

17 Sep 2014
Categories: Cloud Security, Data Breach, Data Encryption, Data Security

I’m pretty excited about the CSA Congress and IAPP Privacy Academy in San Jose this week. Although some half-day pre-conference workshops were on the docket for today, for us, the event formally started with the welcome reception earlier this evening. In getting ready for the conference, I spent a few minutes creating the word cloud below from the conference session descriptions […]

16 Sep 2014
Categories: Data Security

There’s a common lament we all have, which is that there always seems to be more to do, and less time to do it. The difference for those responsible for complying with the Payment Card Industry Data Security Standard (PCI DSS) is that they now have a lot of evidence to point to. For those individuals, the introduction of the most recent PCI security standard, release 3.0, significantly upped the ante in terms of effort required. While PCI DSS 3.0 […]