the State of Security

Data Breaches

Are your security people lying about the impacts? Probably, but not on purpose.

by Shawna Turner-Rice

Security is a complex, often nuanced, topic. Today there’s a lot of subjectivity in 100% security-oriented discussions. Business people like non-squidgy objective numbers. To make security investment decisions, security people have to sell their area to the business, which means speaking their language. As a consequence, security people are often trying to make objective [...]


Challenges in placing information security teams in the right organizational structure

by Shawna Turner-Rice

I often write blogs based on what crosses my inbox during a week, and recently I saw just enough articles on who security should report to that I thought I’d select it as the topic du jour. (Much like Adam, I rarely seem to get to writing these early. This isn’t a new topic, I [...]


Good resource on logging and retention practices – a legal perspective

by Dwayne Melancon

In the event of a data breach, law enforcement, regulators, payment card auditors, clients and others will ask about your log file management and your alerting protocols. Don’t be caught unaware.


Considering PII as “Potential” Information on unique Identity

by Shawna Turner-Rice

With all the conversations about Google and their privacy policy changes, as well as the ongoing conversation about how much risk the Zappos breach really offers, the concept of PII seems like a topical item for this blog post. I like to proceed like the King tells the White Rabbit: “‘Begin at the beginning,’ the [...]


How do you eat an elephant?

by Shawna Turner-Rice

If we were hoping for news related to breaches to slow down now that we were out of 2012, it looks like we’re already out of luck, even though we aren’t out of January. Seeing Symantec and Zappos in the news already this year can make those responsible for protecting their organizations feel like there’s [...]


Predicting the top 10 Infosec Predictions for 2012

by Dwayne Melancon

This is the time of year when you start seeing lots of predictions about things that will happen next year.  With that in mind, I thought I would predict the predictions I think we’ll see for 2012.
