The Problem With Passwords

If true, the news this month that a Russian crime ring has stolen 1.2 billion username and password combinations would be the largest security breach experienced to date.  There is wide debate and skepticism as to whether this breach actually happened, and if so, the extent of the impact.  Perhaps time will tell.

Are Cloud Services Secure?


Reading this morning’s edition of “Investor’s Business Daily” (IBD), I was drawn to the Internet & Technology section, where the main article discusses how Financial Services firms, their security fears now appeased, are moving to the cloud.  The thought really does come back to the fundamental question:  “Are Cloud Services Secure?”

What do Pickpockets and DDoS Have in Common?

Often in conversations, I will point out that information security really is not about technology; it is about business and real life.  True, we live in a digital age, and cybercrime utilizes technology simply because our real world now heavily relies upon the Internet and technology.  Still, technology merely mirrors and is a representation of our physical world, albeit faster.

Delta Airlines still running XP?

While making my way through the terminal at IAD yesterday in the early morning hours, I walked past the Delta check-in area and noticed one of the self-service check-in terminals was not logged in.  What attracted my interest was that the login screen was clearly Windows XP.  The imagination easily runs a bit wild on this one, particularly since we must be so vigilant about security at the airport.

Security Controls Fail – Why?

Three Trillion Reasons – One Answer

According to a recent McKinsey Report, by the year 2020, the total cost of ineffective security will reach $3 trillion annually. That is a huge number and one fifth of the current US GDP (Gross Domestic Product). As another comparison, according to Forbes, US Healthcare spending hit $3.8 trillion in February of 2014.  How on earth, as a society, are we going to finance that? More importantly, why can’t we solve the problem?

Predicting Threats Against Information Systems

Security frameworks generally agree that the primary activities organizations need to engage in with regard to information assets are to:

  1. Identify Assets
  2. Protect against events compromising confidentiality, integrity or availability
  3. Detect incidents
  4. Respond to actual incidents
  5. Recover


Generation No Privacy

As Generation X and Millennials now make up a large portion of the workforce, their attitudes towards privacy have a substantial impact on organizational security.

On a recent, short flight to Washington, DC, I was reading the US Airways magazine in the seat pocket and ran across some interesting statistics.  The article was quoting a survey conducted by Fortinet, and offered the following insights:

Security is Big Business

Make no mistake, Information Security is BIG business. Global spending in 2012 rose to around $60 billion with estimates rising to $86 billion by 2016. 1 While security spending certainly can strain any budget, even at large corporations, how are small and mid-sized companies supposed to cope with such escalating costs? What are some of the drivers of the escalating costs?