One can say that there are three stages of information security operations:  Prevention, Detection, and Response.  Of the three, it is usually prevention that gets the most attention. It recalls the old saying, “an ounce of prevention is worth a pound of cure.”...

Representative Tom Graves (R-GA) released federal legislation in February 2017 (with updates in May) called the “Active Cyber Defense Certainty Act,” or ACDC. It’s intended to make it legal for victims of hacking attacks to “hack back” as a means of defense. To...

This morning, a ransomware-type attack occurred on several companies in Europe. The systems at Telefónica's headquarters in Madrid appear to have been the initial targets of this attack and news reports indicate that 85% of the company's computers were infected and...

Caught between the low value SME and the locked down large enterprise, the mid-market is looking increasingly attractive to attackers. A recent government report reveals that 51% of companies within this category suffered a security breach in the year leading up to...

Does your IR plan lead you in every direction but the right one? Stop what you are doing. Pull out your written Incident Response plan (if you have one at all). Now, think about this. When is the last time it was physically touched? Is it actually, literally, dusty?...

Technology is something taken for granted by kids. The so called Millenial Generation was born inserted in a world where portable multimedia communication is common sense. Ask any teenager if they can imagine a world without social networks, apps, tablets or...

Social networks, email, online shopping, cloud storage, both in the corporate and private world, there are many services used daily that request logins and passwords for access, and in most cases, users opt for the convenience of using the same data. In recent years,...

You may have seen in the media over the last couple of weeks’ references to hacks and the SWIFT financial network. So for those of you not overly familiar with banking and finance, what is SWIFT and why should it concern you? SWIFT, or to give it its full title, the...

Overview It has certainly been a busy time for the PCI Security Standards Council over the last year with the release of version 3.1 and now the draft release of version 3.2 of PCI DSS. This is no bad thing as it shows that the PCI Council is adapting its approach to...