Information Security Leader, Author, Instructor and Speaker

Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

The worldwide market for cybersecurity products and services will surpass $95 billion this year, according to Gartner. That’s a staggering amount of money, and it represents an 8 percent increase in the size of the market since the beginning of 2017.

Is all of that spending really necessary? Much of it is, of course. But in my experience, many organizations purchase new security solutions without first conducting a thorough risk assessment and gap analysis to identify and prioritize their security needs. Some never evaluate their ability to meet emerging threats with existing resources.

Following such an assessment, an organization may conclude that new controls are required, but it may also discover that upgrades and configuration changes to existing controls are needed as well — or, perhaps, are all that’s needed — to provide a solid, layered defense.

Read the full article: Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

Published May 2018 in BizTech Magazine


An old exam format is making an IT certification comeback

In a quiet announcement last year, cybersecurity industry association (ISC)² made a major change to its long-established flagship testing program. Starting in December of 2017, the Certified Information Systems Security Professional (CISSP) exam moved to a new exam format: adaptive testing. This change took effect in December for all test-takers sitting for the English-language version of the CISSP exam.

Social media immediately lit up with concern, as test-takers tried to figure out what effect the announcement would have on their test-taking experience, as well as how the changes to the CISSP exam would affect the difficulty and content of the exam. Let’s take a look at adaptive testing in general, discuss ways that you might prepare for an adaptive certification exam, and then talk about how this change might affect the IT certification industry over the coming years.

Read the full article: An old exam format is making an IT certification comeback

Published May 14, 2018 in Certification Magazine


Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

This week’s collapse of the Iranian nuclear deal justifiably caused global consternation at the thought of Iran moving closer to becoming a nuclear power.

There is, however, a much more immediate threat. Iran is already a cyber power and has a history of launching hacking attacks against American interests.

Restoring sanctions removes an important deterrent to those cyberattacks and may have immediate adverse consequences.

The United States and Iran have quietly waged cyberwar for more than a decade. The U.S. fired the first shot in this war as early as 2007 after joining forces with Israel to use malicious software to destroy equipment at Iran’s Natanz uranium enrichment facility.

Published May 10, 2018 on CNBC.

Read the full story: Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now


Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know

This IDC Perspective identifies five crucial principles that IT executives must understand about the use of cybersecurity insurance to transfer portions of an organization’s cybersecurity risk to an insurance carrier. Modern cybersecurity insurance policies require that organizations undergo a rigorous control assessment and surrender some control of the incident response process to carrier representatives. When chosen carefully, cybersecurity insurance policies limit an organization’s financial exposure in the event of a major breach.

“Hardly a month goes by without a major cybersecurity breach making national news. From Equifax to Yahoo! and from hospitals to schools, cybersecurity incidents cross industries and organization sizes. Many organizations are turning to cybersecurity insurance policies to limit their financial losses in the event of a security incident that compromises sensitive information or systems,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published May 2018.
Read the full report: Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know


How to Really Protect Your Digital Privacy: Move to Europe

Facebook CEO Mark Zuckerberg’s testimony before Congress last week highlighted the burgeoning importance of digital privacy in the minds of legislators and the American public. It may also mark the beginning of a long-overdue privacy awakening in our country.

Now is the right time for the U.S. government to acknowledge and defend Americans’ privacy rights by developing a comprehensive framework of legal protections.

The European Union has long embraced privacy in a much more thorough manner than the U.S. has. Global companies, including Facebook, have spent the last two years preparing for a new privacy regime scheduled to arrive in Europe on May 25. The General Data Protection Regulation (GDPR) will implement a 21st century digital bill of rights for EU residents by updating privacy regulations that first went into effect in 1995.

Read the full article: How to Really Protect Your Digital Privacy: Move to Europe

Published on April 17, 2018 in Fortune


Segment Your Campus Network for Stronger Security

Campus networks carry almost every type of network traffic imaginable. Faculty and staff computers are similar to the devices in any workplace, but they’re just the tip of the iceberg in higher education. Students connect video game consoles, smart assistants, cameras and even smart microwaves to the same networks that connect temperature sensors and research equipment.

Published April 11, 2018 in EdTech Magazine

Read the full article: Segment Your Campus Network for Stronger Security


Feds Can Optimize Disaster Recovery Solutions in the Cloud

Every IT leader shares this nightmare: critical systems down, users enraged, data lost. Without reliable and timely access to data, political leaders and agency staff cannot carry on their work, and constituents cannot rely on their government. Disaster-recovery programs assure those groups that their data will be protected from loss and available for use, no matter the emergency.

Published March 2018 in FedTech Magazine.
Read the full article: Feds Can Optimize Disaster Recovery Solutions in the Cloud 


Encryption: Six Principles That CIOs Need to Know

“Encryption is an intimidating technology for many IT leaders because it is highly technical and relies upon complex mathematical algorithms. While CIOs can and should leave the details of encryption to their cybersecurity teams, it is important that they have a working knowledge of the technology to provide responsible leadership and oversight,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published March 2018.
Read the full report: Encryption: Six Principles That CIOs Need to Know


It’s Time to Question Longstanding Password Security Best Practices

Nobody likes password policies. IT leaders dislike reminding users to yet again change their passwords, then bracing for an onslaught of angry help desk calls. Users dread coming up with yet another obscure combination of uppercase and lowercase letters, symbols and digits that they can remember for the next 90 days. It’s an unpleasant experience all around.

But there’s good news for those frustrated by unwieldy password practices. Cybersecurity professionals are now turning toward new policies that embrace the end user to make security a natural habit. These ideas are bolstered by recent changes in federal security guidelines related to password management.

Published February 2018 in FedTech Magazine.
Read the full article: It’s Time to Question Longstanding Password Security Best Practices


4 Ways Data Loss Prevention Tools Fit Right into Layered Security Strategies

Cybersecurity pros often follow a defense-in-depth strategy, acknowledging the fact that controls will fail. Layered defenses are especially important in the open-computing environment of academia. Data loss prevention solutions are an important component of a layered approach to security. DLP scans content leaving the institution for signs of sensitive information and often serves as the last line of defense, stopping data exfiltration after other controls fail to prevent a breach.

Published January 2018 in EdTech Magazine.
Read the full article: 4 Ways Data Loss Prevention Tools Fit Right into Layered Security Strategies


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple