Information Security Leader, Author, Instructor and Speaker

Tech Tips: Running a Vulnerability Scan

Vulnerability scanning plays a critical role in the information security program of any educational institution. Conducting regular security scans ensures that administrators remain aware of the state of security on their networks and allows them to quickly remediate vulnerabilities before an attacker exploits them.

Conducting vulnerability scans consumes network bandwidth and ties up resources on the systems being scanned. In the worst case, these scans may inadvertently result in system outages or other operational issues. IT staff preparing to scan campus networks should follow a set of best practices to protect the integrity of their institution’s information systems. In this article, I offer four tips on operating a safe and effective vulnerability scanning program.

Read More: Tech Tips: Running a Vulnerability Scan

Published March 17, 2015 in EdTech Magazine


Could Apple Pay fundamentally change PCI DSS compliance?

Apple Pay, the recently released mobile payment system on Apple’s iPhone 6, is making waves in the security community and being praised for the attention it provides to securing credit card transactions. Tokenization, the technology underpinning Apple Pay’s security model, is not new, but Apple Pay may provide the impetus for this technology to go mainstream.

From the consumer’s perspective, Apple Pay is an ideal way to conduct a transaction with a merchant because it preserves the consumer’s privacy during the transaction. During a normal credit card transaction, the merchant reads the consumer’s name and credit card number from the magnetic stripe on the back of the card. During an Apple Pay transaction, the merchant receives only an anonymized one-time-use code that facilitates the transaction.

Read More: Could Apple Pay fundamentally change PCI DSS compliance?

Published March 8, 2015 on SearchSecurity.com


Context-Aware Intrusion Prevention

Over the past few years, security professionals around the world have undertaken projects to convert their enterprise firewalls to the latest technology – next generation firewalls (NGFW). These systems leveled up firewall technology by providing the firewall with more information – data that provided context about applications and users and allowed the firewall to make more intelligent decisions about network access. It’s now time for intrusion prevention systems (IPS) to make that same leap.

The newest intrusion prevention technology, next generation IPS (NGIPS), is able to incorporate new data sources that dramatically improve the IPS’s ability to protect networks against attack. With these systems, you can incorporate information about your network and applications into your intrusion prevention strategy to build more robust defenses for your organization’s network.

Read more: Context-Aware Intrusion Prevention

Published March 4, 2015 in BizTech Magazine


Can legal departments complement IT security?

Legal teams have long played an important role in information security and compliance programs. The expertise that attorneys bring to the table complements the technical subject matter expertise of IT professionals and, when working toward a common purpose, contributes to a well-rounded IT risk management program. In this tip, I look at three different ways that legal teams can contribute to information security efforts in enterprises of all sizes.

Legal departments often find themselves thrust into the middle of enterprise risk management programs for two reasons. First, they are normally privy to many of the sensitive risks facing different areas of the business. Second, many organizational risks are legal in nature, requiring the expertise of an attorney to assist in interpreting laws and regulations and to estimate the impact on the organization should a violation arise.

Read more: Can legal departments complement IT security?

Published February 27, 2015 on SearchSecurity.com


What the Community Health Systems Breach Can Teach Your Organization

In the spring of 2014, hackers penetrated the systems of Community Health Systems (CHS), a network of 206 hospitals located across the United States. They made off with sensitive personally identifiable information from over 4 million patients, including names, Social Security numbers, birthdates and employment information.

What happened at Community Health Systems? What can enterprises learn from the breach? This tip looks at the lessons you can extract from the CHS breach to protect your organization’s health information and keep HIPAA regulators at bay.

Read the full story: What the Community Health Systems Breach Can Teach Your Organization

Published February 19, 2015 on SearchSecurity.com


Preparing for 802.11ac

Is your agency prepared for the next revolution in wireless networking? The traditional wireless networks that served agencies well for the past decade are quickly becoming outdated relics in desperate need of upgrading. Today’s mobile user requires ubiquitous high-bandwidth connections throughout an agency’s facilities.

The advent of 802.11ac wireless networking promises to fill that demand by tripling the speed of existing 802.11n networks. Technology advances over the next few years promise to further increase 802.11ac speed by a factor of four until the technology provides 6 Gbps wireless connections, compared to today’s 0.5 Gbps maximum. 802.11ac achieves this benefit by leveraging several technical enhancements, including the use of the 5 GHz radio spectrum.

Read More: Preparing for 802.11ac

Published February 13, 2015 in FedTech Magazine


Cloud First: Building a Common Strategy


Higher education IT is in the midst of an exciting transformation. The economies of scale, resiliency, flexibility and agility provided by cloud computing are rendering the construction and maintenance of on-premises data centers obsolete. Over the next decade, the availability and advantage of new technology models will result in a substantial decrease in the use of on-premises data centers. In this ITANA webinar, I shared details on a collaboratively built “Cloud First” strategy for higher education IT that moves from a traditional data center model to one centered on the public cloud and cloud-based services.

View the presentation: Cloud First: Building a Common Strategy

Read the strategy document: Cloud Strategy for Higher Education


Managing Change in the Cloud


In today’s Internet2 Cloud Proud webinar, I had the opportunity to share some thoughts on how organizations can effectively build cloud teams by following three principles:

  • Calm the fear, uncertainty and doubt
  • Make it real
  • Build a strong team

Both the session slides and a session recording are available online.


So You Want to be a CISO?

The Chief Information Security Officer (CISO) is a coveted position in many IT organizations. The high demand for qualified CISOs leads to tremendous competition for qualified candidates and correspondingly high salaries. But what’s the real deal behind the scenes? Do you have what it takes to serve in a CISO role? If not, what qualifications do you need before you can join the information security big leagues?

Sitting in an organization’s senior-most security chair requires a unique mixture of professional experience and educational background. The CISO position is a career capstone for some and a way station to the CIO chair for others. Either way, arriving at this destination requires careful career planning. Most CISOs don’t get there by accident!

Read More: So You Want to be a CISO?

Published January 29, 2015 in Certification Magazine


Next Generation Firewalls: The New Norm in Defense

Increasingly sophisticated cyberattacks have led organizations to adopt correspondingly sophisticated levels of security control. Information security professionals now expect cyberattacks to be part of their normal operating environment and realize that these attackers wield effective tools that greatly exceed the capabilities of yesteryear’s script kiddies. Such advanced weapons require equally sophisticated defensive measures.

Many enterprises currently rely upon a security infrastructure full of niche solutions that were designed to combat earlier threats. The major challenge these niche solutions pose is that they do not communicate with each other, so they can’t share critical information to help establish and enforce security policies.

Next-generation firewalls (NGFWs) address this problem by providing a single point of visibility into multiple areas of security functionality. They provide security teams with the ability to control network traffic in a manner that protects enterprises against cunning attacks.

NGFWs achieve this by integrating multiple security technologies in a single platform. They combine the features of stateful inspection firewalls, intrusion prevention systems, content filtering and application control on a single piece of hardware and then allow those components to communicate with each other.

Read the full CDW white paper: Next Generation Firewalls: The New Norm in Defense


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.
