Speaking at the Threat Intelligence Summit 2015
MISTI’s Threat Intelligence Summit 2015 is coming to Orlando September 29-30, and I’ll be speaking there on: Separating Threat Intelligence from FUD: An Enterprise Approach A breach here, an NSA...
Is Threat Intelligence a Misnomer?
The bulk of what passes for “threat intelligence” is just ephemeral data, frequently changed by hackers, and only useful on short-lived blacklists. To improve their cybersecurity, organizations need to...
Security Architecture Group Survey Results are In
The following survey of LinkedIn’s Security Architecture Group found members highly motivated to gain multidisciplinary learnings, and improve coverage of their broad interests through increased...
Complimentary Webinar: Get Help with Privileged Access Management (PAM)
You’re invited to join our complimentary webinar on privileged access management (PAM). Please click here to register. Title: Harnessing Privileged Access Management (PAM) to Defend Core Digital Assets...
Safe Harbor is Dead – Now What?
On Tuesday, October 6, 2015, the European Court of Justice struck down Safe Harbor, an international agreement that allowed companies to move digital information between the United States and Europe....
Breach Notification and Incident Response: When and How
Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy...
Privileged Access Management Webinar Recording Available
Last week we delivered our Privileged Access Management (PAM) webinar. In this presentation we noted that because over-privileged accounts are rampant in the IT environment, PAM is a technology that...
Does Size Matter? AES 128-Bit Encryption is (Probably) Good Enough
Recently, I was asked to opine on whether AES 128-bit encryption was adequate, or if the customer’s cryptography standard should require 256-bit operation. Source: Wikipedia – “SubBytes – one of the...
Complimentary Webinar: Cyber-Resilience in the Face of a Breach
Two weeks ago I stood before a conference crowd at Cyber Security World 2015 and said: “I hate the term cybersecurity.” And proceeded to give essentially the same presentation that we’ll now bring to...
Dissecting Cloud Security Breaches
Recent Gartner prediction: By 2020 95% of cloud security failures will be the customer’s fault. I agree with this in a general sense, and it led to an interesting discussion of cloud breaches with some...
How to Minimize Stored Identity Data and Breach Risk
Why do organizations often behave like pack rats – over-storing identity data again and again even after seeing so many peers suffer breaches and put their employees or customers at risk? A recent...
Cloud Security Decision Frameworks
To be successful, the modern information security organization must be able to protect a hybrid, multi-cloud IT environment. Since cloud security is one of Security Architects Partners’ areas of...
Cloud Security Decision Frameworks (Part 2)
Sometimes it seems as if companies are moving deeper into the cloud every day by any means necessary with or without security on board. Unsanctioned shadow IT initiatives abound as well as sanctioned...
Planning for the Post-Safe Harbor Era
The European Court of Justice’s demolition of Safe Harbor two months ago has spawned a host of data residency compliance questions from clients, former clients and prospects: What privacy and security...
Building Up Data-at-Rest Encryption
Previously, Security Architects Partners posted “Is there a Gold Standard for Data-At-Rest Encryption?” We noted that enterprises are under pressure to encrypt data, but the compliance landscape is...
How to Drive Successful DLP Projects
DLP initiatives are on the horns of a dilemma: IT can’t enforce the rules unless the business backs it up. Without the business on board, data protection is quite difficult. However, successful DLP...
Engaging the Board on Cybersecurity
Corporate Boards of Directors (BOD) may soon be required to disclose their level of cybersecurity expertise. The recently-introduced Cybersecurity Disclosure Act (S.2410) would direct the SEC to work...
RSA 2016 Sessions Favs and Recommendations (#RSAC2016)
#RSAC2016 will again bring much of the cybersecurity industry together for a week of intense learning, networking and exhibiting. My mailbox is filling up with vendor briefing requests and I’m pulling...
Can the CASB Unify Cloud Security Policy Enforcement?
The Cloud Access Security Broker (CASB) is an architectural concept that has become an over-sized security market category. Many of the pieces in the CASB model are necessary for coherent cloud security policy...
CASB from the Horse’s Mouth
CASB as a market was born of Neil MacDonald’s Gartner research notes. It’s grown to comprise 20-30 very different types of vendors. According to MacDonald, the CASB crew is already pulling down an...