Recently a friend of mine sent me a photo of the image on his computer screen. It was a Windows firewall warning message that his computer had been infected with malware. He said that when he tried to re-boot the computer it got into an endless loop and he could not get it to do anything. He finally took it to the computer repair shop, and they had to reload a new system. Thankfully he had a complete, clean, backup of all his files, so he didn’t lose anything. I asked what the repair folks said the problem was, and he indicated that they didn’t tell him anything specific, only that he “probably had bad malware.” (more…)
Posts Tagged ‘privacy compliance’
Stay Alert for Stegoloader and Rombertik Malware Threats
Friday, July 17th, 2015Hey, Developers! Save Privacy in the IoT Explosion
Thursday, July 2nd, 2015I’ve been concerned with and writing about the information security and privacy risks involved with the data created, transmitted and processed by smart devices in the Internet of Things (IoT) for several years since they first started emerging (e.g., here) and will likely be writing on it even more in the coming months and years. According to a new IDC research report, the IoT market will grow from $655.8 billion in 2014 to $1.7 trillion in 2020 with a compound annual growth rate (CAGR) of 16.9%. Will privacy die in this IoT explosion? If IoT developers and manufacturers take action now, I’m optimistic that they can save privacy in the IoT explosion. (more…)
Change Controls Are Still Necessary
Friday, June 5th, 2015In the past week I helped a client whose programming staff had just caused a business disruption for the fifth time in two months because of the changes they made in the program code of their online service. The programmers, and so many of my other clients, have expressed the opinion that they can just code something and plop it out into production, without testing. And then they try to tell me that is “agile programming.” No, it is not. It is unsecure and, quite frankly, lazy programming. (more…)
Corporate Communications Officers Tying The Hands Of Information Security and Privacy Pros
Tuesday, April 29th, 2008I’ve been here at the CSI SX conference for the past few days, and I’ve had the great opportunity and pleasure of speaking with a large number of folks while here. I was finally able to meet Ron Woerner in person (nice to meet you Ron!) after communicating with him in the Security Catalyst Community over the past 1+ year.
I love coming to these conferences and just talking with the participants. There is always at least one topic for which I receive enlightenment that I had not considered before. During the past few days I’ve spoken with 4 to 5 people who are responsible for information security, all from highly regulated industries, who all say despite their adequate to even generous information security and privacy budgets, some of their most important information security and privacy efforts are being quashed by their corporate communications offices; those responsible for the messages that are sent to personnel throughout the enterprise.
P2P Security Study Released
Monday, April 28th, 2008Do We REALLY Need Doctors To Do Consultations Via Email?
Friday, April 25th, 2008A few months ago I had some lively back-and-forth blog postings with a doctor who used email and instant messaging (IM) a lot in his practice; here, here and here.
Today my good friend Alec forwarded me another interesting news article (thanks Alec!) about the use of email by doctors; “It’s no LOL: Few US doctors answer e-mails from patients.”
Smart Business Leaders Support Effective Log Management Practices and Necessary Resources
Thursday, April 24th, 2008The second article in this month’s IT Compliance in Realtime Journal is, “Smart Business Leaders Support Log Management.”
I wrote this with an audience of information security and privacy personnel, along with IT managers, in mind.
Download the formatted PDF version to get the full content, not to mention a nicer looking document.
Here is the unformatted version…
My Information Security and Privacy Convergence Webcast Now Available
Wednesday, April 23rd, 2008Yesterday the ISSA posted on their website a free webcast I did, “Information Security and Privacy Convergence”
Here is the synopsis…
Improve Program Change Controls To Reduce Incidents
Monday, April 21st, 2008Recently in my Norwich MSIA class we were discussing the importance of program change controls, and I wanted to continue the discussion here because as important as it is, it typically does not get the attention it deserves in most organizations.
