IT Concerns Country to Country: Ponemon Institute Study


Varonis recently released the third and final part of a study about data protection and enterprise security with the Ponemon Research Institute: Differences in Security Practices and Vigilance across UK, France, Germany and US. This report compares survey responses of more than 3,000 IT professionals and end-user employees in the UK, France, Germany and the US. The […]


The Federal Trade Commission Likes the NIST Cybersecurity Framework (and You Should Too)


Remember the Cybersecurity Framework that was put together by the folks over at the National Institute of Standards and Technology (NIST)? Sure you do! It came about because the US government wanted to give the private sector, specifically the critical infrastructure players in transportation and energy, a proven set of data security guidelines. The Framework […]


Are Wikileaks and ransomware the precursors to mass extortion?


Despite Julian Assange’s promise not to let Wikileaks’ “radical transparency” hurt innocent people, an investigation found that the whistleblowing site has published hundreds of sensitive records belonging to ordinary citizens, including medical files of rape victims and sick children. The idea of having all your secrets exposed, as an individual or a business, can be […]


Six Degrees of Kevin Bacon (Security Edition)


Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for a credit account at Best Buy using Keira Knightley’s driver’s license information. […]


NSA Contractor Arrest Reinvigorates Interest in Insider Threat


Despite efforts to reform its security after the Edward Snowden breach three years ago, the NSA announced another security breach involving one of its own contractors, Harold Thomas Martin III. This latest bombshell suggests continued vulnerabilities at our nation’s spookiest agency. In an effort to better guard the government’s sensitive data, White House spokesman Josh […]


When a Cyber Attack Is a Political Weapon


We’re not surprised when hackers attack companies to scoop up credit card numbers or to cause IT disruption. If they’re state sponsored, they may target organizations to pull out intellectual property, military secrets or other sensitive information as part of a cyber-espionage program. But hackers associated with a party (or state) hacking into another […]


Zero Trust Security: Tough Love for Your Employees


“Users inside a network are no more trustworthy than users outside a network.” That’s a quote from the Oversight and Government Reform Committee in the latest 231-page OPM breach report. The report highlights an important solution for preventing data breaches: implementing the Zero Trust Model. What is the Zero Trust Model? Developed in 2009 by […]


The Enemy Within: A Free Security Training Course by Troy Hunt


According to the Verizon DBIR, it takes a very long time to discover a threat on your network, which is mind-boggling given that the most devastating breaches often start with an insider, either an employee or an attacker that gets inside using an insider’s credentials. Target, OPM, Panama Papers, Wikileaks. The list goes on and on. The […]


Five More Videos from RSA 2016


It’s been a few months since we last visited the RSA sessions from this year’s conference. Much has happened since then: for starters, more ransomware, Yahoo, increased GDPR awareness, new details on OPM, and state actors behaving badly. With that in mind, we reviewed the archived RSA 2016 videos and came up with five prescient sessions that help […]


How to set up your DNS Server like North Korea


I can only imagine it’s a high-stress job doing IT support for Kim Jong Un, as he’s the kind of manager who probably watches you over your shoulder, touches your screen a lot and drops dark hints about “disappearing” your family for three generations if the patches don’t get deployed properly. While we often […]


New York State Proposes Real-World Cybersecurity Regulations for Banks


The EU General Data Protection Regulation (GDPR) has raised the bar for what we expect from a national data security and privacy law. The US doesn’t really have anything close (outside of HIPAA for medical PII). So it’s interesting to see some movement at the state level. Let’s now give a shout-out to New […]
