A Pivotal Year

For the past several years, the information security industry has been saddled with labels annually. 2013: year of the breach; 2014: year of the BREACH (we really mean it); 2015: year of the MEGA breach (it's gotten worse!). And with those labels every year I hear the phrase ‘this is a pivotal year in the…

Plan Your Journey to Wally World

Earlier this month, I wrote a blog about Information Security Metrics and their place in driving program maturity.  Every organization today is striving to be more mature in its information security program.  Given the constant deluge of media reports on hacks and attacks, security maturity has become a business imperative.  Metrics is one tool in the…

Mind Your Metrics

Last week I participated in a joint event with KPMG hosted by the New York Stock Exchange Governance Services.  The roundtable topic was Information Security Metrics programs – every security manager’s favorite.  Why?  Because security is so squishy.  What metrics could effectively capture the state of something that changes on a regular basis, has no…

The Kitchen Sink-Big Data Security Analytics

On a recent visit to a number of companies with an increasing focus on IT security, a sense of common frustration was beginning to develop.  The levels and number of security issues were a concern, and keeping ahead of the security risks has a lot of CIOs scrambling to show they are on top of…

C+I+A+Value – A CISO Imperative

Confidentiality, Integrity, Availability – the holy trinity of the information security profession.  Chapter One of (almost) every information security document has these three words highlighted, underlined, bolded, mantra-sized…Deified.  And for good reason.  These three guiding lights of the security vocation are the stars upon which our paths are navigated.  They provide the X, Y and…

Scalable Incident Response Strategies

A few weeks ago I participated in a Webinar with InfoTech regarding incident response strategies that are reasonable and scalable for different types of organizations.  The conversation revolved around the importance of building capabilities – regardless of organizational size and industry – to deal with the rising tide of data breaches.   The conversation started…

The CISO as Investment Advisor

When it comes to job descriptions, there seems to be no limit to what can be placed in the realm of the Chief Information Security Officer (CISO) role.  The role is many times a collection of various responsibilities guided by the loosely defined “protect information assets” charter.  Of course there are elements of core security – access…

Retail Breaches Highlight The Need for Intelligence Driven Threat Detection & Response

Over the past year the retail industry has been hit by massive IT security breaches, with multiple big-name retailers reporting attacks that seriously impacted their customers and cost the retailers hundreds of millions of dollars in damages. According to a recent article in Reuters, one retailer “spent $146 million to resolve data breach-related issues since the fourth quarter…

Guardians of the Galaxy?

It is hard not to like the Marvel movies that hit the big screen every year.  Being a pseudo-geek (pseudo because I have no comic book collection or replica light sabers mounted on my wall), I enjoy the world Marvel has created.  Even on the little screen, Agents of S.H.I.E.L.D has become a staple in…

More than a Balance: Privacy and Security as Partners in Trust

I was in Dublin recently to speak once again at the Secure Computing Forum. The theme this year was “Security and Privacy: Getting the Balance Right”, so I talked briefly about the KPMG report that I discussed in my 2013 blog on “Balancing Security and Privacy”, in particular the KPMG conclusion that “A balance can…
