Cyber Security Summit Blog

8.9.23 > Jeffrey Peal III Artificial intelligence (AI) is rapidly changing the way we live and work, and the field of information security is no exception. AI can be used to automate many of the tasks involved in information security, such as threat detection, incident response, and compliance reporting. However, AI can also be used to improve information security awareness training. Information security awareness training is essential for any organization that wants to protect its data and systems from attack. However, traditional information security awareness training can be boring and ineffective. AI can be used to make information security awareness ...
8.7.23 > Jeff Norem “We have enough security budget to properly protect the organization and meet all of our risk and compliance obligations,” said almost no CISO ever – especially those at small- to midsized organizations. Most of us know budgets will always be tight, so how can we continue to improve without budget busting? Below are three ideas you can use to get more out of your security budget. Define your operating model – craft and share your security story How good is your security program documentation? Do you have a standard control and operating procedure formats and quality? ...
Click the link to access > joint_csa_preventing_web_application_access_control_abuse ...
7.26.23 > Lee Ann Villella Protecting people and defending data in the face of cyber threats is crucial based on trends and patterns that have emerged in the cybercriminal landscape. Several key factors include: Evolution of Cybercriminal Business Models: Cybercriminals have honed their strategies and now primarily focus on three profitable business models: ransomware, data extortion, and business email compromise (BEC). These models have proven to be highly lucrative, outcompeting other illicit activities. Prevalence of Ransomware and Data Extortion: Ransomware attacks have become increasingly common, where cybercriminals encrypt victims' data and demand ransom payments to release it. Data extortion is ...
7.24.23 > Mark Ritchie I was sworn-in as Minnesota’s elected Secretary of State in January of 2007. During my first year in office, when I was still “learning the ropes,” I faced a challenge never considered in all my years of preparing to lead this office – a cyber-attack. Early one Monday morning I received an urgent message from our information technology department informing me that hackers, most likely from overseas, had exploited a vulnerability in our on-line, digital records system to disable our entire business services division, a critical component to Minnesota’s entire commercial infrastructure. Thus began one of ...
6.28.23 > Rohit Tandon We live in a world full of surprises. Sometimes events around us go unnoticed, and at other times similar events have the potential to disrupt. Smart folks will develop predictive models of how a specific event can impact our world and are forever tuning these models for that elusive accuracy. For example, the Old Farmer’s Almanac winter forecast has been predicting since 1792 and proudly claims 80% accuracy on their website. I cannot speak to the last 230 years that they were somewhat right, but for the 231st year (Winter of 2022-23) they missed the ...
6.26.23 > Rebecca Duvick I regularly get asked whether the data on equipment we receive as part of our electronics recycling program is truly gone after it’s wiped. The answer, based on the processes we use, is yes! Electronics recycling is an important but often overlooked aspect of cyber security. With cyber risk around every corner, it’s important to know what to look for and ask of your provider. NIST, National Institute for Standards and Technology, is a government agency that provides guidance on cyber security topics and they have developed standards on erasing data from devices (also known ...
6.21.23 > Jerrod Montoya There are now 10 comprehensive privacy laws enacted in the United States. The new laws in 2023 include those in Montana, Indiana, Iowa, Tennessee, and Texas. These laws join already existing laws including California, Utah, Colorado, Virginia, and Connecticut. These laws all share commonalities that resemble the EU’s Global Data Protection Regulation (GDPR). However, the recently passed law in Tennessee stands out from all other laws in one significant way. What is Unique about Tennessee? The Tennessee law enacted on May 24, 2023 codifies an affirmative defense for companies that implement and maintain alignment with the ...
6.14.23 > Phil Schenkenberg Here in the United States, companies face a patchwork of legal obligations that address information security and data privacy. For example, federal laws target certain market segments (such as health care, financial services, and education), state laws target certain types of information (such as personal financial or biometric information), and both state and federal laws target unfair or unreasonable business practices. This patchwork—and the lack of comprehensive nationwide privacy and security standards—can make compliance challenging and frustrating. Security professionals and legal counsel must work hard to keep up. The Security and Exchange Commission (SEC) will soon ...