Collaborate Disseminate
With many applications being utilized in a SaaS model, it’s important to encrypt the traffic between end users and applications. When personal and sensitive data is transferred, processed or stored off local premises, the connections between these poin… Continue reading How can enterprises secure encrypted traffic from cloud applications?
Creating separate accounts for business use on a third-party platform can be risky, but it depends on the context.Google offers organizations the ability to host their mail on its platform, and it also offers additional features to manage these account… Continue reading Should an enterprise BYOD strategy allow the use of Gmail?
The security of your data being held, processed or transmitted by a third party is always a security risk. Essentially, you have to trust an organization other than your own with the security and care of your data.The third party or business partner co… Continue reading What should you do when third-party compliance is failing?
Many times you’ll see attackers exploit low hanging fruit to breach a network, but other times they really have to work to get into a target. This due diligence has to be respected. I’m not saying hacking into an organization for malicious gain is appr… Continue reading Gotta Respect the Hacker Hustle
Many times you’ll see attackers exploit low hanging fruit to breach a network, but other times they really have to work to get into a target. This due diligence has to be respected. I’m not saying hacking into an organization for malicious gain is appr… Continue reading Gotta Respect the Hacker Hustle
Here’s an article I was quoted on regarding why it’s a bad idea to give the government a backdoor into into encryption:https://www.venafi.com/blog/security-professionals-weigh-on-encryption-backdoors-a-bad-idea-given-governments-own-data Continue reading Weighing In on Encryption Backdoors
New regulations announced this year will ensure that within New York State, there will be ‘minimum security standards’ that financial services firms will be obliged to meet. The intention of these measures is to encourage organizations to keep pace with changes in technology and ensure a cybersecurity program that ‘is adequately funded and staffed’.
In this opening keynote, we will look at the over-arching obligations of the NYC Cyber Regulations and evaluate what the minimum standards will be and how businesses will need to adapt to fit into this framework.
What exactly are the NYC Cyber Regulations?
Continue reading Infosecurity Fall 2017 Virtual Conference Agenda
Yesterday I took part in a FEMA virtual tabletop exercise with my local county. It was great seeing other counties within the country prepare against cyberthreats against their infrastructure. These tabletop collaborations allow other local businesses … Continue reading FEMA Virtual Cybersecurity Tabletop Exercise
The NYS DFS was kind enough not drop the entire regulation on businesses all at once and broke up adherence within transitional phases. This means organizations will have the opportunity create a phased approach based off these transitional phases to become compliant over the next two years.
With the first phase expiring shortly it means covered entities are required to have these particular aspects of the regulation in place during this timeframe.
For the first transitional phase covered entities that aren’t exempt will need to adhere to the following sections within the guidance. Read the rest of my article at HelpNetSecurity here:
https://www.helpnetsecurity.com/2017/08/23/nys-dfs-cybersecurity-transitional-phase/
Continue reading What’s needed for the first NYS DFS cybersecurity transitional phase?
I was quoted in SCMagazine regarding the top 10 security challenges of 2017. To ease the suspense my top concern was “patching”. I know it’s not sexy, but I’m still very concerned by it based off patching procedures based of what we’ve seen this year. … Continue reading Top 10 Security Challenges of 2017