E3 – Hordes at the Gate – The Call of the Siren

“Don’t you think you are being a bit paranoid?” Greg asked Marty as the two exited the cafeteria.  “I mean, the DDOS attack was pretty severe. I think whoever was behind it accomplished their goal. Look at all the time and expense it took to control it. Not to mention the downtime, the annoyed customers,…

E3 – Hordes at the Gate – The Aftermath

Marty walked into the conference room and immediately sensed the buzz and tension.  He knew the debrief of the denial of service attack was going to be a long one but he didn’t anticipate this much friction.  The source of the stress wasn’t the actual attack or the mayhem that ensued to protect MagnaCorp from…

E3 – Hordes at the Gate – The Battle

The Hunter arrived on the wall of the fortress on the frontier out of breath. He had ridden through the night to get to the most active and dangerous part of the assault on the Kingdom’s walls. He leaned over the parapet and quickly surveyed the chaos below him. Within seconds an arrow whizzed past…

E3 – Hordes at the Gate – The Siege

The hulking figure dominating the corner of the crowded tavern was given a wide berth by the other patrons.  Even though the smoky room was packed with people, the table occupied by the massive man had plenty of space around it.  Several customers made obvious attempts not to trespass over the imaginary border circling the…

A Pivotal Year

For the past several years, the information security industry has been saddled with labels annually. 2013: year of the breach; 2014: year of the BREACH (we really mean it); 2015: year of the MEGA breach (it’s gotten worse!). And with those labels every year I hear the phrase ‘this is a pivotal year in the…

Plan Your Journey to Wally World

Earlier this month, I wrote a blog about Information Security Metrics and their place in driving program maturity.  Every organization today is striving to be more mature in its information security program.  Given the constant deluge of media reports on hacks and attacks, security maturity has become a business imperative.  Metrics is one tool in the…

Mind Your Metrics

Last week I participated in a joint event with KPMG hosted by the New York Stock Exchange Governance Services.  The roundtable topic was Information Security Metrics programs – every security manager’s favorite.  Why?  Because security is so squishy.  What metrics could effectively capture the state of something that changes on a regular basis, has no…

The Kitchen Sink-Big Data Security Analytics

On a recent visit to a number of companies with an increasing focus on IT security, a sense of common frustration was beginning to develop.  The levels and number of security issues were a concern, and keeping ahead of the security risks has a lot of CIOs scrambling to show they are on top of…

C+I+A+Value – A CISO Imperative

Confidentiality, Integrity, Availability – the holy trinity of the information security profession.  Chapter One of (almost) every information security document has these three words highlighted, underlined, bolded, mantra-sized…Deified.  And for good reason.  These three guiding lights of the security vocation are the stars upon which our paths are navigated.  They provide the X, Y and…

Scalable Incident Response Strategies

A few weeks ago I participated in a Webinar with InfoTech regarding incident response strategies that are reasonable and scalable for different types of organizations.  The conversation revolved around the importance of building capabilities – regardless of organizational size and industry – to deal with the rising tide of data breaches.   The conversation started…
