Information Security Leader, Author, Instructor and Speaker

The Trans-Pacific Partnership and Cybersecurity

The Trans-Pacific Partnership agreement has come under fire from a wide variety of opponents, including Internet activists and online privacy advocates who feel the agreement could jeopardize cybersecurity. Opponents of the agreement claim the proposed ban on source code audits, if approved as an international regulation, could hamper security efforts on a number of levels.

The Trans-Pacific Partnership agreement language was negotiated in secret by trade representatives from 12 Pacific Rim nations, including the United States, and with the notable exclusion of China. The public didn’t see the text of the agreement until the negotiating nations released it in November. Trying to read the full Trans-Pacific Partnership agreement is a formidable task, as it weighs in at 30 chapters. Let’s take a look at a few of the key provisions that affect cybersecurity and intellectual property rights.

Read the full story: The Trans-Pacific Partnership and Cybersecurity

Published January 13, 2016 on


CISA regulation: What enterprises need to know

In October, the U.S. Senate passed the Cybersecurity Information Sharing Act (CISA) by an overwhelming majority and CISA appears to be on its way to becoming the law of the land. Many technology companies and privacy advocates are concerned about how CISA may force private companies to share customer data and communications with the federal government for frivolous reasons.  What does this mean for enterprise information security programs?

Read the full story: CISA regulation: What enterprises need to know

Published December 24, 2015 on


2015: The InfoSec Year in Review

We’re wrapping up quite a year in the world of cybersecurity!  As we entered 2015, the world was just winding down from the political drama surrounding the Sony Pictures breach believed by some to be an act of cyberwarfare waged by North Korea.  That news set the stage for twelve months of high profile stories, some attracting attention from the mass media and others quietly unfolding within the information security community.  Let’s take a look at ten of the most impactful events that affected information security this year.

Read the full story: 2015: The InfoSec Year in Review

Published December 21, 2015 in Certification Magazine


Is Safe Harbor Shutting Down?

Two decades ago, the European Union adopted a sweeping Data Protection Directive (DPD) that revolutionized the world of privacy by affording citizens unprecedented rights.  Companies around the world scrambled to implement the required protections, and organizations subject to the DPD eventually settled into a routine of compliance with the regulation.

In October, almost twenty years after the DPD was adopted, the Court of Justice of the European Union responded to the Edward Snowden disclosures of NSA surveillance by invalidating the Safe Harbor framework, the arrangement under the DPD that allowed U.S. companies to self-certify adequate protection for personal data transferred from the EU.  This decision may have a significant impact on international organizations that do business in the EU.

Read the full story: Is Safe Harbor Shutting Down?

Published November 30, 2015 on


5 Security Must-Knows for Windows 10

Microsoft’s July release of the Windows 10 operating system caused a flurry of media activity centered on security and privacy issues in the consumer market. Some media voices praised the automatic, mandatory deployment of security patches to home user systems while others bemoaned a perceived lack of transparency in Microsoft’s data collection and privacy practices. Government security professionals should take a closer look at the new security features in Windows 10 that hold great potential for improving agency information security programs. Let’s take a look at five Windows 10 security must-knows.

Read the full story: 5 Security Must-Knows for Windows 10

Published November 1, 2015 in FedTech Magazine


BYOD and compliance harmony: Myth or reality?

Mobile device usage has exploded in the enterprise, and many companies have developed Bring Your Own Device (BYOD) policies for employees. But with the use of employee-owned devices in the enterprise come increased mobile security risks. Organizations with legal and regulatory compliance obligations must approach BYOD efforts with increased scrutiny to ensure that they do not run afoul of external security and privacy obligations.

Read the full article: BYOD and compliance harmony: Myth or reality?

Published October 31, 2015 on


The IT Rogues Gallery

As the calendar pages turn toward the end of October, the thoughts of children around the nation drift to the spooky horrors that haunt the night.  Zombies, werewolves and vampires haunt their young dreams.  IT professionals also lie awake into the wee hours of the morning, but different kinds of terrors stalk them in their sleep.  Hackers, spyware and advanced persistent threats lurk in the dark corners, threatening the confidentiality, integrity and availability of the information and systems under their care.

The history of malicious actors in the world of computing is long and dark, stretching back three decades and filled with tales of ingenuity and deceit.  Let’s take a look back through the rogues’ gallery of IT threats and dissect seven of the most notorious rogues to strike the Internet.

Read the full article: The IT Rogues Gallery

Published October 30, 2015 in Certification Magazine


Compliance in the Cloud

As enterprises around the world adopt cloud computing strategies, personally identifiable information, health records, credit card numbers and other regulated data increasingly pass through the control of a wide range of service providers.  Organizations adopting cloud-based services must take time to understand the compliance ramifications of cloud computing decisions and move forward in a manner that maintains compliance with applicable regulations.  Compliance doesn’t necessarily need to slow down cloud adoption, but it should remain a high priority in a cloud-enabled IT environment.

Security and compliance professionals should understand the shared responsibility model that underlies cloud computing, data locality issues, the impact of cloud services on security operations and the assessment and compliance practices that must accompany cloud migrations.

Read the full story: Compliance in the Cloud

Published October 29, 2015 in Information Security Magazine


Vulnerability Assessments Reveal Security Weaknesses

How confident are you that your network is secure and that hackers aren’t lurking on a server, lying in wait to attack? Many organizations simply don’t have the information required to provide managers with a confident answer to this question.

Vulnerability assessments provide organizations with important insights into their security posture, including a detailed examination of active infections and of weaknesses that might allow an attacker to gain a foothold on the network. Security managers can use the results of well-designed assessments to prioritize remediation of the most significant vulnerabilities first, getting the greatest risk reduction for the remediation effort spent. Comprehensive vulnerability assessments engage highly qualified staff using a variety of modern tools.

Read the full article: Vulnerability Assessments Reveal Security Weaknesses

Published October 29, 2015 in StateTech Magazine


Rootkits Unearthed

“You’ve been infected with a rootkit.”  The chilling verdict is often delivered by cybersecurity experts on television drama series, but what does it actually mean?  Each year, systems around the world fall victim to this particularly insidious form of malicious software and fall under the control of attackers intent on jeopardizing the confidentiality, integrity and/or availability of sensitive information and systems.  What steps can security professionals take to deploy preventive and corrective tools designed to avoid and eradicate rootkit infections?

Rootkits vary in implementation but share a common characteristic: they all reach deep into the operating system and manipulate low-level functions to perform insidious actions.  The earliest rootkits were collections of trojanized Unix system binaries (ls, ps, netstat and the like) that let an attacker keep root access on a compromised host while hiding the evidence; more recent rootkits hook kernel, and even firmware, functions so that monitoring tools never see the attacker’s processes, files and network connections.  Whatever their intent, rootkits are extremely dangerous because of the low-level access they gain.
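The hiding behavior described above is also what gives defenders a handle on rootkits: a tool that asks the same question at two layers and compares the answers (cross-view detection, the approach behind tools such as RootkitRevealer and unhide) will notice what the tampered layer left out. The following is an added example, not code from the article. It simulates a user-mode rootkit that hooks the process-listing API and a detector that diffs that tainted view against a trusted view read from a lower layer. The process table, process names and the hook mechanism are all constructed for the example; a real rootkit would install its hook via LD_PRELOAD, binary replacement or a kernel module.

```python
"""Cross-view rootkit detection (added example, not from the article).

A user-mode rootkit hides by tampering with the API that monitoring tools
call. Comparing that tainted view against a trusted view read from a lower
layer exposes whatever was hidden. All process tables below are constructed
sample data and the hook is simulated in Python rather than installed via
LD_PRELOAD or a kernel module.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    pid: int
    name: str


# Constructed sample process table standing in for the kernel's own view.
KERNEL_TABLE = [
    Process(1, "init"),
    Process(412, "sshd"),
    Process(1337, "evil_backdoor"),   # the process the simulated rootkit hides
    Process(2048, "bash"),
]


class ProcessApi:
    """Stand-in for the user-mode API that tools such as `ps` rely on.

    A rootkit that patches this layer changes what every caller sees, which
    is exactly why it cannot be the detector's only data source."""

    def __init__(self, trusted_source):
        self._source = trusted_source
        self._hooks = []

    def install_hook(self, hook):
        self._hooks.append(hook)

    def list_processes(self):
        procs = self._source()
        for hook in self._hooks:
            procs = hook(procs)
        return procs


def hiding_hook(hidden_names):
    """Simulated rootkit hook: drop every entry whose name is in hidden_names."""
    def hook(procs):
        return [p for p in procs if p.name not in hidden_names]
    return hook


def cross_view_diff(tainted, trusted_before, trusted_after):
    """Return the processes the API failed to report, sorted by pid.

    The trusted view is read twice and a pid must appear in both reads to
    count; this filters out processes that merely exited between the reads,
    which would otherwise be reported as false positives."""
    seen_by_api = {p.pid for p in tainted}
    stable = {p.pid for p in trusted_before} & {p.pid for p in trusted_after}
    return sorted(
        (p for p in trusted_after if p.pid in stable and p.pid not in seen_by_api),
        key=lambda p: p.pid,
    )


def demo():
    """Run the detector on a clean system, then on an infected one."""
    trusted = lambda: list(KERNEL_TABLE)   # the lower-layer (trusted) read
    api = ProcessApi(trusted)

    # Clean system: the API and the kernel agree, nothing is flagged.
    clean = cross_view_diff(api.list_processes(), trusted(), trusted())

    # Infection: the rootkit hooks the API to hide its backdoor process.
    api.install_hook(hiding_hook({"evil_backdoor"}))
    infected = cross_view_diff(api.list_processes(), trusted(), trusted())

    # Race check: a process present only in the first trusted read (it
    # exited before the second) must not be reported as hidden.
    before = trusted() + [Process(9001, "short_lived")]
    transient = cross_view_diff(api.list_processes(), before, trusted())

    return clean, infected, transient


if __name__ == "__main__":
    for label, result in zip(("clean", "infected", "transient"), demo()):
        print(label, [(p.pid, p.name) for p in result])
```

The comparison is only as good as the layer the trusted view comes from. Against a user-mode rootkit, a raw walk of /proc or direct system calls is enough; against a kernel rootkit that hooks those too, the trusted view has to come from below the kernel (an offline disk image, a memory dump or hypervisor introspection), otherwise both views are lying in the same way and the diff is empty. The check also only catches hiding: a rootkit that renames its process to look like sshd rather than removing it from the list passes this test and needs integrity checks of the binaries themselves.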

Read the full story: Rootkits Unearthed

Published October 26, 2015 in Certification Magazine


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography