What Pandemic Responses Teach Us About Cybersecurity
I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me ... Read More
Verizon’s 2020 Payment Security Report: Focusing on Strategy
Last year, I wrote about the Verizon Payment Security Report saying it was ”Not Just for PCI.” Verizon liked that post enough to include its introduction in this year’s version. This recognition was a wonderful surprise. Like last year’s report, the 2020 publication goes well beyond PCI in its information ... Read More
Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools
The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with its information so that ... Read More
A Checklist for Preparing for Your Organization’s Next PCI Audit
Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re ... Read More
MITRE Releases an Update to The Common Weakness Enumeration (CWE)
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations, MITRE is also known for another resource: the Common Weakness ... Read More
NSA Releases Cloud Vulnerability Guidance
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls. As ... Read More
Plights of the Round Table – Strategic Lessons from the Casino
In Part 1 of the Plights of the Round Table, the executive staff of Camelot was working on the strategic plan for the following year. Morgan, the CEO, needs to decide how to spend her limited budget for the best interest of Camelot. Lana, the VP of Sales, thinks they ... Read More
Developing a Data Protection Compliance Program – Verizon’s 9-5-4 Model
In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the ... Read More
Plights of the Round Table – A Tale of Weighing Risk
Chapter 1 In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO, Smith, the COO; and Barbara, Chief Compliance Officer. There was much to get done ... Read More
Verizon’s 2019 Payment Security Report – Not Just for PCI
If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read ... Read More
