Top News:

10 Steps Towards an Information Security Program for Newly Established Companies

By Farhaad Nero

It’s not a matter of if your company will be breached but when, and for newly established companies or startups the when may be sooner rather than later.

Startups are being established across industries and come in many different sizes.  Regardless of whether they are in year 2 or year 5 of their existence, in their Series A round or their Series C round, they often fail to develop a mature and sufficient information security program.

It could be due to a perceived lack of resources or time. Or it could be that the founders are laser-focused on their company’s growth, and security is thought of as too much of a burden and not much of a necessity.


My Security Fantasy 

By Joel Rosenblatt 

My biggest security problems all start with authentication.  If you look at the major hacks that have taken place in the last year, you can trace most of them back to phishing (or stupid). 

If I could wave a magic wand and create a system that could verify the identity of the person at the keyboard, with a very high degree of certainty, I believe, in my opinion, that this could solve most of the security breaches that we see.

Now, many of you will be thinking – what about two factor authentication, doesn’t that solve all of the problems?  I agree that two factor is MUCH better than POP (Plain Old Passwords), but there are logistical issues with fobs, phones and tokens. 

What I want is … a dog.  


The 20 Critical Controls - A Practical Security Strategy 

By Randy Marchany

Back in the late 1990's, I was fortunate to be part of a team of cyber security experts who were asked to develop a list of the Top 10 Internet Security Threats.

"On February 15, 2000, 30 Internet experts met with President Clinton to identify actions needed to defeat the wave of distributed denial of service attacks and to keep the Internet safe for continued growth.

"One of the resulting initiatives was a project to develop a community-wide consensus list of the most often exploited vulnerabilities. Forty-two people from all parts of the Internet community worked together to reach consensus on the top priority threats."  


If Not Now, When? If Not Us, Who? - "Tackling the Great Minority Cyber Divide"

By Devon Bryan

In a November 2014 article, Lowell McAdam, the CEO of Verizon, made the following very bold public statement: “It’s Wrong That in a Room of 25 Engineers, Only 3 Are Women.”

Lowell’s very intriguing article went on to quote several other very compelling facts and figures triggering resonance at so many levels, including the prediction that, “80% of all jobs in the next decade will require Science, Technology, Engineering, and Math (STEM) skills.”

The prediction by itself on the surface is unsurprising since we can all relate to the transformational effects that information technology has had on our personal and professional lives.


Principles of Data Privacy and Security

By David Sheidlower

A CISO's Guide to Principles of Data Privacy and Security examines the key issues surrounding data privacy and security.

In this eBook, Sheidlower, currently CISO of an international media and advertising firm, provides his perspective on topics, which include privacy policies, big data, consent, governance and security.

According to the author: “The fundamental principles of privacy and security continue to evolve.  I’ve tried to look into each of them from the consent process, which most people find problematic, to the need for a framework for data protection, which is where an organization’s security program comes in.”

The eBook has been lauded by Sheidlower’s peers, with Larry Whiteside Jr., CISO of the Lower Colorado River Authority (LCRA), stating: “It provides thought provoking and actionable information on issues that are top of mind for us – data privacy and security. I highly recommend reading it.”


Fuzzy Dunlop and the (Mis)Use of Data

Fictitious confidential informants

 

Planning Security 

3 Things to look for in 2015 

 

Inside the Sausage Factory  

The President's cybersecurity legal proposals 

 

The Importance of Privacy

By David Cass

Security and Privacy are essential in today’s digital economy.  2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with our sensitive information. 

Currently, there are more than 80 countries with privacy laws.  Violating these laws may result in fines, brand damage, and/or loss of revenue. 


A Small Company Takes on the Devil Inside the Beltway 

LabMD processes medical specimens. One day, a security services company emailed them advising that its patented searching software, which looks for problems caused by peer-to-peer applications, found a file with sensitive information.

LabMD refused to pay, choosing to mitigate the problem themselves. The security company turned over its finding to the Federal Trade Commission, leading to a multi-year, resource-draining battle by LabMD to try to prove they did nothing wrong.
