With the recent electrical attack, I have been receiving questions from various employees about what we would do in the instance of an emergency, especially one that could involve our computer networks. So, in response, I have formulated a strategy for the various types of catastrophes we could encounter, from a natural disaster to a … Read more
What are examples of risk that affect the information infrastructure, but are not IT based in origin? How does a CISO determine which threats are realistic threats and which are probably not going to be an issue? What characteristics are necessary for a successful CISO and why? Which of these characteristics do you have? Which … Read more
The organization that you work for has an email policy that prohibits forwarding chain e-mail. What is the purpose for implementing such a rule within the company’s policy? The obvious answer is probably the most practical. By having a security policy in place prohibiting chain emails, you can cut down on inane interruptions to workflow … Read more
Why is it important to involve a wide variety of employees during the audit process? Auditing isn’t only a critical procedure, it can also be an informative one. By involving all facets of employment in an auditing procedure, you gain perspectives and flesh out misconceptions from the ground up. By involving everyone from the … Read more
Recent events have brought to light the vulnerability of our industry, and our systems in general. Late last month, immediately following the election, where numerous radio stations were hijacked and involuntarily played offensive content. (Ars Technica, 2016) Though no charges were filed for the involuntary breach of compliance, one can see where this new possibility … Read more
The ubiquity of the internet is an inspiration and terrifying truth that we face in the 21st century. On one hand, the unprecedented level of interconnectivity and the accessibility of facts and information facilitate progress in a way that has never before been fathomed. But the same system that benefits corporate growth and government communications … Read more
What makes social engineering so successful? Demographically speaking, list in order the people most susceptible to least susceptible affected by social engineering. Give at least three different groups. There’s a sucker born every minute” – P.T. Barnum. …probably. Social Engineering works because it exploits the machinations of community. You trust your neighbor because you want … Read more
It seems almost everyday someone from the sales department asks me, ‘Why is security important?’ ‘Why do we have passwords on everything?’ ‘Can’t we make it easier?’ We do a lot of our business online, and email is an integral part of our organization. If any of our clients data is ever compromised we could … Read more
Past Practices in Information Security and Potential Predictions of Future Vulnerabilities I remember the day I became interested in computer security. I was thirteen years old, and it was the year 2000. Everyone was in a panic over the computers, proclaiming the end of the world, and as a susceptible and impressionable teenager, I believed … Read more
Some critics dismiss discussion of cyberwar as Fear, Uncertainty and Doubt (FUD), designed to increase sales of hardware, software and consulting services. Taking recent events into consideration, do you agree or disagree with the critics? Why? I agree with the critics, to a particular extent. Again, I’m coming from a consumer based perspective, and I … Read more