Collaborate Disseminate
Last year, I wrote about the Verizon Payment Security Report saying it was ”Not Just for PCI.” Verizon liked that post enough to include its introduction in this year’s version. This recognition was a wonderful surprise. Like last year’s report, the 20… Continue reading Verizon’s 2020 Payment Security Report: Focusing on Strategy
The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with… Continue reading Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools
The 2020 Cost of Data Breach report from IBM and the Ponemon is out. It provides a detailed analysis of causes, costs and controls that appeared in their sampling of data breaches. The report is full of data, and the website allows you to interact with… Continue reading Using the Cost of a Data Breach to Maximize Your ROI on Your Security Tools
Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for … Continue reading A Checklist for Preparing for Your Organization’s Next PCI Audit
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and t… Continue reading MITRE Releases an Update to The Common Weakness Enumeration (CWE)
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before t… Continue reading NSA Releases Cloud Vulnerability Guidance
In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become r… Continue reading Developing a Data Protection Compliance Program – Verizon’s 9-5-4 Model
Chapter 1 In an ornate boardroom, a group of executives gathered at a large round table for their annual strategic planning meeting. Morgan, the CEO, was surrounded by Lana, the VP of Sales; Susan, the CISO, Smith, the COO; and Barbara, Chief Complianc… Continue reading Plights of the Round Table – A Tale of Weighing Risk
If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Inv… Continue reading Verizon’s 2019 Payment Security Report – Not Just for PCI
When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luc… Continue reading Steps for Successful Vulnerability Management: Lessons from the Pitch