Author: afbadmin

Marriott Data Breach and Cyber Due Diligence

You can’t find every attacker, but you can indemnify against the worst outcomes.

Marriott surely did some cybersecurity due diligence when it acquired Starwood Hotels and Resorts in 2016, but we learned this month that those efforts did not prevent Marriott from suffering one of the worst intrusions (in terms of the number of consumers …


The Equifax Breach Should Result in Legislation, But Not What You Think

All of these authorities form an incomplete patchwork that means that even in the egregious situation we find in the Equifax breach, in which so many consumers are affected and it seems likely that the security practices of the company were insufficient, there may not be direct liability for failing to provide a basic level of security for consumers.

What Does the Equifax Breach Mean for You?

A week after it was announced, the whole world is still buzzing about the breach of Equifax that compromised sensitive data of 143 million Americans between May and July of this year and the damning fact that Equifax insiders had a chance to dump their stock and avoid inevitable losses before last week’s disclosure.  Equifax …


Explaining How the Equifax Breach Highlights Policy and Legislative Gaps

To paraphrase Shakespeare, I did not come here to vilify Equifax for its incompetence and malfeasance but to bury, hopefully, the model that has led us to this breach. Here is the fundamental problem and one way to understand this situation:  as of this breach you almost certainly do not have a direct relationship with …


Comic Bee and Cybersecurity Training

Last month, I attended the Department of Homeland Security (DHS) Science and Technology Unit’s Cybersecurity Division (CSD) headline conference on the research they are funding and how it ties to the real-world problems DHS is charged with addressing. It was a pretty incredible line-up, as the agenda will demonstrate to anyone. I particularly enjoyed …


NIST Publishes Summary of Cybersecurity Framework May 2017 Workshop

In the current world of cybersecurity, the most important document out there is the “Framework for Improving Critical Infrastructure Cybersecurity” or the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). In fact, while NIST has held the pen on drafting the Framework, it is much more than a NIST-produced document. Developed in response …


Can We Build Resilient Systems?

A recent post on cybersecurity got me thinking about the nature of the approach of many organizations to protecting their networks.  Citing the old terrorism adage (adapted for cybersecurity) that “[t]he attacker only has to be right once, we have to be right every time,” the author accurately asserts that cybersecurity is part of the …


Why an Information Audit?

There are as many approaches to giving advice on cybersecurity as there are cybersecurity consultants. Fundamentally, there is a theme almost all approaches share: cybersecurity problems boil down to getting basic things, often collectively referred to as cyber hygiene, right. Doing basic things right is great advice but you still have to figure out how to …
