How I Would Secure the Internet with $4 Billion

For anyone and everyone debating the value of secure coding, please read this article.  For anyone questioning the current target of Federal dollars for cyber security, read this article.  It is chock-full of fantastic insights.

We don’t cover stupid, says cyber insurer that’s fighting a payout

The nature and value of cyber insurance has been a closely watched debate in IT Security circles for some time.  Far too many organizations are hanging their hats and staking their financial futures on having a large cyber insurance policy while ignoring the basic blocking and tackling of IT security best practices.  This article demonstrates a potential outcome of such an attitude.

Innovation vs. Risk & Compliance in Financial Services

I love the balancing act that innovation versus risk compliance represents, especially in a vertical like financial services.  There are so many great ideas that must be tempered and hardened in an insecure world.  I also love that IT Security is beginning to recognize this problem and move the conversation forward.  I worked hard when managing a security team to move our stock answer from “no” to a firm “yes, but…”.  Be willing to compromise as long as integrity can be maintained.

Microsoft and the Software Lifecycle

The patch management and vulnerability management nightmares that come along with battling end-of-life software and operating systems are not worth the effort.  Many organizations avoid upgrades under the guise of legacy software demands and shrinking maintenance windows.  Stop!  It is simply not safe and not worth it.  You are raising your risk level in an era of unprecedented criminal activity and known attack vectors.  Take the time to properly maintain your environments.

Krebs – Recent Breaches a Boon to Extortionists

Given the potential nature of the sites being compromised, extortion can become a powerful tool for cyber criminals.  Online activity is more than simply shopping for shoes or looking up sports scores.  All of your online activity can be used against you.  Be prepared and take precautions when surfing.  This type of compromise is just the beginning.