PCI compliance has the basic settings for computer security but it will not ensure your corporation will be secure. For that to happen you must have personnel that implement security policies correctly, and it must be ingrained in all employees, as the weakest link is in our employee actions day after day. It is difficult … Read more
Why has Risk Management failed us? Every place you see “Accept risks” replace with Hacked computers. JP Morgan proved this concept even with a seeming unlimited security and IT budget, some mistakes creep into the organization. 76 million accounts affected Every box with monitor and manage risks replace with Computer hacked from the internal … Read more
I agree with the Governance people at ITgovernance: http://www.itgovernanceusa.com/blog/technological-cybersecurity-solutions-address-only-half-the-threats/ Technology only addresses some of the potential Cybersecurity hurdles that a company may have. The poster child of massive data breaches (Sony) was due to an internal breakdown, that plus previous documented failures show a lack of concern for IT Governance. In my mind I have … Read more
Security Magazine has the story: http://www.securitymagazine.com/articles/86057-understanding-the-new-federal-cyber-laws The CEA(Cybersecurity Enhancement Act 2014) is the most significant of the December bills both in breadth and likely in significance. Where NIST(National Institute of Standards and Technology) has setup a Cybersecurity framework which is very flexible for companies to follow. NIST Feb 12,2014 Cybersecurity Framework document. The interesting paragraph … Read more
We need a Renaissance of focus on Security. I’m a Systems Engineer (http://www.fixvirus.com/about-us-full-story/) and teacher of Security Architecture (SEC020 at Professional Education Technology & Leadership Center at Washington university in Saint Louis) So of course like a dentist looking at teeth (they can’t help it) I look at computers from a systems point of view. Which … Read more
