Each year about this time, I pull out my foggy crystal ball and prognosticate the future of Privacy and Security! For data privacy and security professionals, this year offers optimism, but with looming mid-term elections and recent significant data breaches, only subtle privacy improvements are likely. Through that lens, here is the 3rd Annual Top 10 Privacy/Security Trends for 2014.
Once you understand the organization’s strategy, aligning security to it becomes the easy part.
Strategic vs. tactical thinking is a common misconception in security. Many security professionals believe that by completing tactical functions they are ultimately achieving strategic goals. The idea introduced in part one of this series is that thinking strategically is about aligning the business objectives to the activities that security is providing for the business.
Recently, I sat down with my attack and penetration team (the guys that break into stuff), and I was reminiscing about the old days of penetration testing. It got me to start thinking that, as the industry evolves and shifts toward technology to provide for the commoditized tasks, the industry needs to shift away from the monotonous work of running tools to more strategic thinking.
Why do organizations keep suffering from relentless massive data breaches? Weak security, executive management ambivalence, increasing hacker prowess? Maybe all of the above, but the more cogent reason we continue to read of data breaches is because it’s lucrative!
Virtual currency is picking up steam, and with that, security issues are growing as well. While many issues with traditional internet systems (banking, credit card and fund transfer systems, etc.) are averted by the way virtual currency is structured (which gives it a great advantage), security will always be a concern.
For many organizations, it is a struggle to get from their CurrentState (CS) to their DesiredState (DS) of security. The struggle is in the planning and construction of the roadmap from CS to DS. In its simplest form, organizations do not fully account for the “Principle of Three Forces”.