The Next Milestone for the NYS DFS Cybersecurity Regulation is Approaching

The landmark NYS DFS cybersecurity regulation that took effect in New York State in March 2017 is approaching its third of four milestones. This was the first regulation of its kind that included prescriptive direction for the protection of personally identifiable information handled by all financial institutions that conduct business ... Read More

The GDPR Deadline Has Passed – Now What?

I was listening to Jenny Radcliffe interviewing Sarah Clarke on The Human Factor podcast the other day. (If you haven’t tuned in to this podcast, you are definitely missing out on a magnificently entertaining and educational experience!) Sarah made an accurate observation about what would happen after the May 25th ... Read More

Encryption Is Only as Strong as Your Password

In recent months, the encryption debate has heated up once again. Most recently, some shock waves were sent across the industry when ThreatWire reported a new tool, known as GrayKey, which could decrypt the latest versions of the iPhone. Fortunately, that tool is only available to law enforcement agencies… for ... Read More

New Report Offers Better Cybersecurity Definitions

The Council of Economic Advisers recently released a report that examines the cost of malicious cyber activity to the U.S. economy. The report cites many of the usual findings from the Verizon DBIR and Ponemon reports. Nothing new to those of us who live and breathe cybersecurity. However, the report ... Read More

Let’s Not Be Our Own Worst Security Enemy

If you are like most infosec professionals, you probably have to evaluate the security awareness training program that will be used in your organization. These training programs are important, and more recently, they are required in many regulated organizations. Perhaps your security awareness training is “home grown,” or perhaps you ... Read More

Policium Concisium: Advice on Writing a Security Policy

What do your policies look like? If your organization is like most, then your policies are probably voluminous and all-encompassing. This is a good thing – or is it? Probably one of the most painful aspects of being an infosec professional is having to author or review policies. (Audit is ... Read More

Opinion: It Is Time for a Duress Code on Cell Phones

Have you seen the stories about the warrantless devices searches by various border agents? It seems that many folks have had their cell phones confiscated (sometimes forcibly) in order to protect the borders as people travel into the United States. Many of the folks subject to these searches are American ... Read More
The State of Security