I'm always on the lookout for good graphics to use in presentations about security. I recently came across EIQ Network's recent small survey on "What Keeps IT Pros Up at Night?" that reported roughly equal fears of experiencing a breach and failing a security audit - realistic, but still kinda depressing to me. Failing a … Continue reading Sleepless CISO's Plan on Implementing the Critical Security Controls
At the SANS NetSec conference in Las Vegas last week, we had a HealthCare Security breakfast, and one of the issues brought up was that medical machinery and servers often remain vulnerable because the vendors don't issue updates incorporating patches to Windows or other commercial software running underneath the application. The system vendors often claim … Continue reading Don't Let Medical System Manufacturers Hide Behind "We Can't Patch Because of FDA Certification"
Step by step the longest march can be won, can be won
Many stones can form an arch, singly none, singly none
And by union what we will can be accomplished still
Drops of water turn a mill, singly none, singly none
From "Step by Step" - John McCutcheon
Continue reading Twelve Word Tuesday: Thoughts and Prayers to the Victims of the Navy Yard Shooting and Their Families
Since 2002, the US Federal Trade Commission has punished 48 US companies for violating their published privacy policies and exposing consumer personal data. That list includes big names like CVS, Eli Lilly, Microsoft and Twitter, as well as smaller companies such as Dave and Busters, Franklin Budget Car Sales and something called RockYou. In all … Continue reading We Don't Need More Cybersecurity Regulations, We Need More Federal Trade Commissions Enforcing Existing Regulations