Parents of Security


While I thought we could ride on our recent successes for just a bit longer, attackers are back in full swing, filling my Twitter feed with the latest jaw-dropping security news. As I waded in worry, I stumbled upon an interesting Benjamin Franklin quote, “Distrust and caution are the parents of security.” Should distrust and […]


Security Pros Bring Out Their Game Face


With ransomware and data breaches driving headlines, it can feel like security pros are always one step behind. However, I recently found a few stories that I thought were worth celebrating. Not everyone on the Inside Out Security Show panel – Mike Buckbee, Kilian Englert, and Kris Keyser – thought the stories were good news. […]


Adam Tanner on the Dark Market in Medical Data, Part I


In our writing about HIPAA and medical data, we’ve also covered a few of the gray areas of medical privacy, including wearables, Facebook, and hospital discharge records. I thought both Cindy and I knew all the loopholes. And then I talked to writer Adam Tanner about his new book Our Bodies, Our Data: How Companies Make Billions Selling […]


The Data Security Money Pit: An Independent Research Study from Forrester


We recently released a study with Forrester Consulting entitled “The Data Security Money Pit: Expense in Depth Hinders Maturity” that shows a candy-store approach to data security may actually hinder data protection and explores how a unified data security platform could give security professionals the protection capabilities they desire, including security analytics, classification and access […]


Connecting Your Data Strategy to Analytics: Eight Questions to Ask


Big data has ushered in a new executive role over the past few years. The chief data officer or CDO now joins the C-level club, tasked with leveraging data science to drive the bottom line. According to a recent executive survey, 54% of firms surveyed now report having appointed a CDO. Taking on the role […]


More Dr. Ann Cavoukian: GDPR and Access Control


We continue our discussion with Dr. Ann Cavoukian. She is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). In this segment, Cavoukian tells us that once you’ve involved your customers in the decision making process, “You won’t believe the buy-in […]


Pen Testing Active Directory Environments, Part V: Admins and Graphs


If you’ve survived my last blog post, you know that Active Directory group structures can be used as powerful weapons by hackers. Our job as pen testers is to borrow these same techniques — in the form of PowerView — that hackers have known about for years, and then show management where the vulnerabilities live […]




Next month, the world will be talking security at the annual RSA Conference, which will be held in San Francisco on February 13th to the 17th. When it comes to discussing security matters, experts often tell us to take stock of our risks or to complete a risk assessment. However, perhaps before understanding where we […]


How to setup a SPF record to prevent spam and spear phishing


Some things go together like peanut butter and jelly: delicious, delightful and a good alternative to my dad’s “Thai-Italian Fusion” dinner experiments as a kid. When other things are combined it can be terrifying: like SPF records and spear-phishing. While the nuances of something as seemingly mundane as SPF DNS records can seem like a dry […]


EU GDPR Spotlight: Do You Have to Hire a DPO?


I suspect right about now that EU (and US) companies affected by the General Data Protection Regulation (GDPR) are starting to look more closely at their compliance project schedules. With enforcement set to begin in May 2018, the GDPR era will shortly be upon us. One of the many questions that have not been fully answered […]


Dr. Ann Cavoukian on Privacy By Design


I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). What’s more, she came up with PbD […]
