It's not that we don't care about Security

Does this sound familiar? "My company does what it can with security and is compliant; we have had no breaches so far." The problem is that the security team knows we can get breached; in fact, we likely already have. But fortunately nothing has been overtly accomplished (as far as we can tell) by the …

Digital Anything is at Risk – Fingerprints & more

The Office of Personnel Management hack is now suspected also of stealing fingerprint data. http://www.nationaljournal.com/tech/2015/07/14/How-Much-Damage-Can-OPM-Hackers-Do-With-Million-Fingerprints What can be done with a stolen fingerprint? Is it really only a foreign government coup? Can Chinese government splinter groups use this information for other nefarious reasons? Part of the worry, cybersecurity experts say, is that fingerprints are part of …

Security Triangle+ People Process Technology+

As other blog posts have mentioned in the past (Schneier: https://www.schneier.com/blog/archives/2013/01/people_process.html and http://www.computerweekly.com/blogs/david_lacey/2013/01/we_need_more_use_of_security_t.html), here is the "Security Triangle": People, Process, and Technology. Image from: http://www.business2community.com/online-communities/social-intranets-merging-people-process-and-technology-0126252 Even though the image above is for social media, I like it because it shows the number of items under People that must be behind your new security push. "Security People" …

Why is Security Difficult? Target Breach Analysis 2 Yrs Later

Brian Krebs does a great job reviewing the details in his latest post: http://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/#more-32276 The analysis of Target's breach makes obvious the level of insecurity at Target in 2012: default passwords were used, passwords were of insufficient complexity, the network was not segmented, patching was insufficient, and no pentesting was done. Every point in the PCI (Payment Card Industry) standard was a failure. …