Top IT Security Bloggers

  • Advancing a Symbiotic Relationship Between COBIT, ISO Governance Standards

    As a 2003 CISA recipient and a former honorary secretary of the ISACA Singapore Chapter’s board of directors, I am honored to be selected as the ISACA liaison to the International Organization for Standardization (ISO) Technical Committee 309 – Governance of Organizations. Having served nearly three years as the chair of the US Technical Advisory Group to ISO Project Committee 278 to help develop, draft and evangelize the ISO 37001 Anti-Bribery Management System Standard, I see this as a wond...
  • Research Shows ‘White Male Effect’ Can Impact Risk Communications

    This is a story about researching a simple question: Why are there so many vulnerabilities in information systems? One answer that might strike a chord with ISACA members is: “failure to listen to experts.” Many of us have spent years advising companies to adhere to the principles of security by design and privacy by design, yet some still ship products with holes in them, vulnerabilities that leak sensitive data or act as a conduit to unauthorized system access. We’ve been teaching cyber-hygi...
  • Will Quantum Computing Break the Internet?

    “What could cause a digital Armageddon?” That is a popular question to pose to information and cyber security professionals, and when asked, I don’t hesitate: Quantum computing. While the principles of quantum computing are certainly complex, at a high level, the risk from quantum computing can be understood fairly quickly. Unlike a digital computer bit, which can only be a zero or one, a quantum bit, or qubit, can be a zero, one, and everything in between – all at the same time. For those who...
  • IoT Security and Privacy: Exploring Technology Solutions Aligned to Regulatory Needs

    In my last post, I spoke about the Internet of Things (IoT) in terms of trust, security and privacy at a high level. Here, I will take a deeper dive in terms of how IoT security and privacy can impact an ecosystem interconnect. When we talk about IoT, we think about the process we implement as we migrate to sensor-driven infrastructure for automated processes. Looking at economies and technology ramp-up trends from a financial perspective, we will expect that there will be standardization aro...
  • Understand Ransomware Methodologies

    Cyber security is now on the agenda in board rooms. The threats and risks in the cyberspace are significant enough to warrant the attention at the highest levels. In 2017, those conversations often have focused on ransomware. This year, the global community has experienced a large number of incidents related to ransomware. Organizations are anxious to ensure that the necessary approach and countermeasures against ransomware are understood and implemented. Security professionals therefore need...
  • As Smart Home Cyber Security Takes Center Stage, Practitioners Need to be Part of the Solution

    Cyber security gets a lot of discussion in terms of small business, but what few outside of the industry know is that many cyber attacks actually take place much closer to home. In fact, thousands of attacks actually occur in the home. Part of the role of security practitioners moving forward can be to educate homeowners and help them protect their households with stronger, more secure solutions.

    Hackers target home “security” systems

    The entire objective of a home security system is to keep th...
  • Measuring Cyber Resilience - A Rising Tide Raises All Ships

    I admit it … I am one of the 143,000,000 people afflicted by the Equifax breach. For those of us who reside in the US, that number approaches 60% of all adults, based on recent numbers from the US Census Bureau. Perhaps most unsettling is that failing to perform something as routine as a timely patch produced an event so catastrophic that it cost the CISO, CIO and CEO their jobs. Make no mistake about it, accountability for cyber resilience is in the boardroom and rests heavy on the shoulders...
  • Tips for Preparation and Success in the CGEIT Exam

    I recently received my CGEIT exam result, with a final score of 557. It is not an elite score, but surpassed the required number of 450. I was happy with this result, and glad about my CGEIT learning journey. For me, each autumn is a yearly planning and budget discussion season. It has become harder to balance all stakeholders’ expectations and to keep pace with the fast-changing business landscape. Through CGEIT preparations, I could verify my perceptions, discover theoretical systems to sup...
  • Data Governance Is Becoming More Complicated – Enablers Can Help

    Enterprises are becoming increasingly digital. Consider a bank that refers to itself as an information technology firm that happens to process financial transactions. Or, perhaps a manufacturer that likewise refers to itself as a technology company. The management of data is critical to all enterprises. A breach can cause enormous harm outside of the core business of the enterprise. Target had a significant data breach that caused the company material damage. Technology firms are obviously at...
  • Windows File Server Versions – Are Functionality Changes Necessarily a Headache?

    The security risk of running an unsupported version of Windows File Servers is not at the top of the IT topic debate list. Most will concur that enterprises electing to use an unsupported version of Windows may expose themselves to security vulnerabilities. These vulnerabilities arise because the patches and fixes that were formerly provided by Microsoft are no longer available. As a result, the enterprise may incur additional operational costs as it identifies (and sometimes purchases) its o...
