If I were to ask you to install an exterior door in your child’s bedroom and told you that this door could not have any locks, alarms, or other security, how would you react? Most people would be uncomfortable with an unlocked door anywhere in their house and especially in their child’s room. How
Bring Your Own Device (BYOD) refers to allowing end users to use their own personal mobile devices (e.g., phones, tablets, laptops) to conduct business instead of having a corporate device issued to them. BYOD is often seen as a cost savings and a step toward a “21st Century Workforce” by executives.
A key component of any successful and mature Information Technology (IT) team is a disciplined change control process. Few things are more frustrating to an IT manager than having a service-affecting outage and not being able to immediately identify recent changes to the environment.
Change control requires rigor, discipline, auditing, and a commitment from
A classified spillage (commonly referred to as a spill) incident occurs when information is transmitted, processed, or stored on an information system that is not accredited to contain that level of information. Usually, this occurs when a classified document (confidential, secret, top secret, etc.) is created, stored, or emailed on unclassified systems or networks.
As a cybersecurity professional, I get frequent questions from people who want to know how to keep their personal or business data secure. While it is true that the tools and techniques used by hackers are getting more sophisticated, the reality is that most breaches, even the very large and highly publicized breaches, could
The Office of Personnel Management (OPM) data breach takes cyberattacks against the United States to a new level. The motivation of the cybercriminals responsible for the OPM breach was not financial gain or hacktivism, but purely intelligence gathering. For context, the OPM is responsible for conducting security clearance investigations for many federal agencies and this
For my Master of Science Degree in Information Security and Assurance (MSISA), I wrote my thesis about the overall lack of standards, certifications, and accreditation in the digital forensics discipline (available here). This lack of rigor within our profession may very well jeopardize the credibility of our discipline.
Over the past decade that I have