Tabletop simulation exercises speed up ransomware response

Most people will never have a fire in their home or office, but everyone can remember going through a fire […]

Full Details

Safeguarding against the insider threat

The insider is still one of the most vulnerable elements of cybersecurity.  Insiders are those who are authorized to work […]

Full Details

Key security strategies for data breach prevention

If we have learned anything over the last few years about data breaches, it is that they are likely to […]

Full Details

Ransomware Incident Response: 7 steps to success

Ransomware infections are becoming increasingly commonplace, and companies that put a plan together before an incident are much more effective […]

Full Details

Crucial Elements of an Incident Response Plan

The news is crowded with reports from noteworthy companies of cyber-attacks.  Last year was the year of the data breach […]

Full Details

5 steps to a winning incident response team

People are the core of any incident response effort.  You must have the right people to provide the right response.  […]

Full Details

A breach is found. Now whom do I tell?

In 2014, the Identity Theft Resource Center (ITRC) tracked 783 data breaches with 85,611,528 confirmed records exposed. This year appears even more […]

Full Details

Point/counterpoint: Breach response and information sharing

Some breaches require notification such as those involving patient data or customer information, but sharing is optional. Of course, notification […]

Full Details

Cybersecurity’s common cold

New and creative security threats may grab headlines, but smart security practitioners know that many attackers still rely on the […]

Full Details

Don’t be a victim. Be a protector

As vigorously as many organizations are working to prevent them, data breaches are becoming more of a common occurrence, and the consequences […]

Full Details

The Largest Internet Security Breach in History

The largest internet security breach in history has just been discovered. Hold Security, a small cybersecurity firm, first reported the […]

Full Details

Data Security Breaches at Retailers

Security breaches and identity theft are becoming an increasing concern for consumers as hackers continue to target large retailers. Target, […]

Full Details

Twas the Night before the Breach

Twas the night before the breach, when all through the place Not an alarm was ringing, nor even a trace […]

Full Details

Ineffective Security Policy Adherence Results in Another Data Breach

The Florida Department of Juvenile Justice (DJJ) had a mobile device containing 100,000 youth and employee records stolen on January […]

Full Details

Malware behind university data breach

Salem State University in Massachusetts issued a data breach warning to faculty and students on March 11.  The warning informed […]

Full Details

Cyber Forensics: Collecting evidence for today’s data breaches

I will be presenting at the ISACA CPE & Social Event – Cyber Forensics & Cleveland Cavaliers vs. Miami Heat […]

Full Details

50,000 Medicaid providers’ data breached

On March 8, 2013, a contractor working for North Carolina’s Department of Health and Human Services (HHS) billing department stored […]

Full Details

Data breach threats of 2013

A recent study by Deloitte, titled Blurring the lines: 2013 TMT global security study, shows that 59% of Technology, Media, […]

Full Details

Ignorance of the breach is no excuse

The EU Information Commissioner’s Office (ICO) has stated with its recent fine for Sony of £250,000 that lack of knowledge […]

Full Details

U.S. Department of Energy suffers data breach

Two weeks ago hackers took control of 14 servers and 20 workstations at the U.S. Department of Energy (DOE), obtaining […]

Full Details

HIPAA Omnibus increases data breach response requirements

The Department of Health and Human Services (HHS) released the HIPAA Omnibus rule on January 17, 2013, designed to give […]

Full Details

Canadian Hack Back

Back in November, I blogged about the hack back initiative here in the United States.  Well, similar debates are taking […]

Full Details

Small healthcare data breaches can result in significant fines

On January 2, 2013, the Department of Health and Human Services (HHS) fined the Hospice of North Idaho $50,000 for […]

Full Details

Dexter malware threatens data breaches on point of sale equipment

Security researchers have identified a new malware called Dexter that specifically targets Point of Sale (POS) systems such as cash […]

Full Details

Effectively gathering facts following a data breach

It is easy for miscommunication to happen after a data breach.  There could be many people working on the incident […]

Full Details

Who’s stealing your data?

Here is a fact that many of us would like to forget.  Most data theft occurs by insiders.  This is […]

Full Details

Hospitals are the highest risk for data breaches

Recent research shows that hospitals are the highest risk for data breaches.  The third annual benchmark study on patient privacy […]

Full Details

Organizations are failing at early breach detection

A recent finding by Gartner titled “Using SIEM for Targeted Attack Detection” is that 85% of breaches go undetected.  Those […]

Full Details

Data breach notification: Are you meeting customer’s expectations?

Government regulations, including the well-known HIPAA and GLBA, are quite clear on the notification requirements for businesses suffering a data […]

Full Details

Hack back: The latest ethical consideration in cyberspace

Like paparazzi on celebrities, hackers pound on our organizational doors almost every second of the day.  It makes us want […]

Full Details

Using eDiscovery data mapping to prevent data breaches

Data breaches are occurring more frequently and companies are searching for a way to help prevent the breach by understanding […]

Full Details

Large government breach shakes confidence in state security

On October 10, the Secret Service’s electronic crimes task force discovered that the South Carolina Department of Revenue’s systems were […]

Full Details

Culture change through incident response

An organization’s security culture in relation to information security determines how receptive employees will be to security initiatives.  Culture can […]

Full Details

Concerning Data Breach News for Small Businesses

A recent survey of small business owners showed that while 77 percent believe that security is important for their company’s […]

Full Details

What is the real cost of a breach?

If you had a breach of your most sensitive data tomorrow, how much would it cost you?  There are quite […]

Full Details

Protecting against data breaches and security incidents with cyber insurance

Data breaches and security incidents are a significant risk for organizations and some are using cyber insurance to transfer the […]

Full Details

Data Breach Prevention Guide

Losing data can be tremendously devastating to a company. It could compromise security, information, and jobs. Today, we will look […]

Full Details

LulzSec Hacking of Sony

Thank you for staying tuned into our third case study and final installment of our four-part series on the Lulz […]

Full Details

LulzSec Hacking of Infragard and Univeillance

This post is the third part of a four-part series on the LulzSec hackers. Our first entry titled “Awareness Pains: […]

Full Details

Computer Forensic MAC Times

MAC times in computer forensics

I was explaining some computer forensics topics to a customer the other day and I was asked what MAC times […]

Full Details

Incident Response Workshop

At the incident response workshop I ran, we talked through a data breach caused when private data on an FTP […]

Full Details