A Q&A with Matt Barrett, COO of Cyber Engineering Services Incorporated (CyberESI)
First introduced in 2014, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) has since become a widely held best practice far beyond the commerce industry. To get some perspective on the framework and how it’s evolved over the past five years, we talked to Matt Barrett, who was the program manager for CSF. (Note: Barrett currently serves as COO for Cyber Engineering Services Inc (CyberESI), a cyber risk management firm.)
A Q&A with Chris Salsberry of Crypsis
One of the most prominent cyber threats affecting companies right now is business email compromise (BEC). These attacks typically begin with phishing emails that capture log-in credentials. The widely used cloud-based Microsoft Office 365 has proven especially vulnerable, with millions of dollars lost in fraudulent wire transfers over the past couple of years. We talked to The Crypsis Group’s senior director Chris Salsberry about this attack vector and how companies can avoid being compromised.
A Q&A with Jim Leonard of InfoArmor
One of the newer and potentially more promising weapons being deployed in the battle for cyber security is machine learning, in which systems can improve themselves based on experience and previous data. We asked Jim Leonard, Director with the Advanced Threat Intelligence unit at InfoArmor, for some insight on this technology and how it might help mitigate threats.
A Q&A with Chris Pillay of Meridian Technologies
An often-overlooked risk in cyber security is software development and testing, which is often done in-house in large companies. To test software, engineers use either scrubbed data or, where the process of scrubbing personally identifiable information is too complex, costly or time-consuming, live data, which poses serious security and privacy risks. I learned more about this issue by talking to Chris Pillay, CEO of Meridian Technologies.
A Q&A with Scott Diamond of Chicago Crypto Network, LLC
Blockchain is an emerging technology with the potential to greatly reduce cyber risk and ensure data integrity. To find out more about how it works and why organizations can benefit from rethinking their business processes, I talked to Scott Diamond of Chicago Crypto Network.
A Q&A with David Lineman, Information Shield
Public entities are as much at risk for data loss incidents as organizations in the private sector, yet PEs are often far less prepared to handle these events. I spoke to David Lineman, president of Information Shield, about how PEs can strengthen their cyber security posture.
A Q&A with Quest
More organizations are adopting Microsoft’s cloud-based Azure Active Directory (AD) while maintaining on-premises AD deployments to support legacy systems or applications without internet access. We call this a hybrid Active Directory deployment. Hybrid ADs may pose a security risk if not managed properly. Unexpected changes to the AD environment, such as changes in user privilege, multiple logins in rapid succession, and logins from unusual locations, often provide the first indication of an externally or internally initiated breach. We spoke to Keri Farrell, Brad Kirby and Matthew Vinton from Quest about this particular concern for organizations and how they can shore up security measures to avoid data loss.
A Q&A with Jay Edelson of Edelson PC
Hacking incidents at law firms have led to major data breach events in recent months. Even as all law firms store and handle sensitive client data, many of the smaller organizations tend to lack robust cybersecurity policies and procedures. I spoke with attorney Jay Edelson of Edelson PC about the cases he is bringing on behalf of plaintiffs and what law firms should be doing to avoid or minimize these events.
A Q&A with Hans Allnutt of DAC Beachcroft, LLP
Adopted in May, the sweeping General Data Protection Regulation (GDPR) replaces the E.U.’s long-outdated Directive 95/46/EC. The privacy regulation, which takes effect after a two-year transition period, calls for steeper sanctions and fines for violations. To find out more about what its adoption will mean for risk managers, I spoke with Hans Allnutt of DAC Beachcroft, LLP.
In February, California Attorney General Kamala Harris released her state’s data breach report and outlined “reasonable” security measures that companies should employ to avoid enforcement actions. I talked to litigator Tanya Forsheit about the AG’s recommendations and how companies should address them.