Legal teams have long played an important role in information security and compliance programs. The expertise that attorneys bring to the table complements the technical subject matter expertise of IT professionals and, when working toward a common purpose, contributes to a well-rounded IT risk management program. In this tip, I look at three different ways that legal teams can contribute to information security efforts in enterprises of all sizes.
Legal departments often find themselves thrust into the middle of enterprise risk management programs for two reasons. First, they are normally privy to many of the sensitive risks facing different areas of the business. Second, many organizational risks are legal in nature, requiring the expertise of an attorney to assist in interpreting laws and regulations and to estimate the impact on the organization should a violation arise.
Published February 27, 2015 on SearchSecurity.com
In the spring of 2014, hackers penetrated the systems of Community Health Systems (CHS), a network of 206 hospitals located across the United States. They made off with sensitive personally identifiable information from over 4 million patients, including names, Social Security numbers, birthdates and employment information.
What happened at Community Health Systems? What can enterprises learn from the breach? This tip looks at the lessons you can extract from the CHS breach to protect your organization’s health information and keep HIPAA regulators at bay.
Read the full story: What the Community Health Systems Breach Can Teach Your Organization
Published February 19, 2015 on SearchSecurity.com
Is your agency prepared for the next revolution in wireless networking? The traditional wireless networks that served agencies well for the past decade are quickly becoming outdated relics in desperate need of upgrading. Today’s mobile user requires ubiquitous high-bandwidth connections throughout an agency’s facilities.
The advent of 802.11ac wireless networking promises to fill that demand by tripling the speed of existing 802.11n networks. Technology advances over the next few years promise to further increase 802.11ac speed by a factor of four until the technology provides 6Gbps wireless connections, compared to today’s 0.5Gbps maximum. 802.11ac achieves this benefit by leveraging several technical enhancements, including the use of the 5 GHz radio spectrum.
Read More: Preparing for 802.11ac
Published February 13, 2015 in FedTech Magazine
Higher education IT is in the midst of an exciting transformation. The economies of scale, resiliency, flexibility and agility provided by cloud computing are rendering the construction and maintenance of on-premises data centers obsolete. Over the next decade, the availability and advantage of new technology models will result in a substantial decrease in the use of on-premises data centers. In this ITANA webinar, I shared details on a collaboratively built “Cloud First” strategy for higher education IT that moves from a traditional data center model to one centered on the public cloud and cloud-based services.
View the presentation: Cloud First: Building a Common Strategy
Read the strategy document: Cloud Strategy for Higher Education
In today’s Internet2 Cloud Proud webinar, I had the opportunity to share some thoughts on how organizations can effectively build cloud teams by following three principles:
The Chief Information Security Officer (CISO) is a coveted position in many IT organizations. The high demand for qualified CISOs leads to tremendous competition for qualified candidates and correspondingly high salaries. But what’s the real deal behind the scenes? Do you have what it takes to serve in a CISO role? If not, what qualifications do you need before you can join the information security big leagues?
Sitting in an organization’s senior-most security chair requires a unique mixture of professional experience and educational background. The CISO position is a career capstone for some and a way station to the CIO chair for others. Either way, arriving at this destination requires careful career planning. Most CISOs don’t get there by accident!
Read More: So You Want to be a CISO?
Published January 29, 2015 in Certification Magazine
Increasingly sophisticated cyberattacks have led organizations to adopt correspondingly sophisticated levels of security control. Information security professionals now expect cyberattacks to be part of their normal operating environment and realize that these attackers wield effective tools that greatly exceed the capabilities of yesteryear’s script kiddies. Such advanced weapons require equally sophisticated defensive measures.
Many enterprises currently rely upon a security infrastructure full of niche solutions that were designed to combat earlier threats. The major challenge these niche solutions pose is that they do not communicate with each other, so they can’t share critical information to help establish and enforce security policies.
Next-generation firewalls (NGFWs) address this problem by providing a single point of visibility into multiple areas of security functionality. They provide security teams with the ability to control network traffic in a manner that protects enterprises against cunning attacks.
NGFWs achieve this by integrating multiple security technologies in a single platform. They combine the features of stateful inspection firewalls, intrusion prevention systems, content filtering and application control on a single piece of hardware and then allow those components to communicate with each other.
Read the full CDW white paper: Next Generation Firewalls: The New Norm in Defense
Security professionals around the world recognize the Certified Information Systems Security Professional (CISSP) credential as the field’s premier certification program. CISSP certification is an almost mandatory rite of passage in the career of information security specialists and a prerequisite for many advanced roles in the profession. Earning the credential requires demonstrating a combination of experience and knowledge across a wide range of material.
The International Information Systems Security Certification Consortium ((ISC)2) administers the CISSP program worldwide. They maintain the common body of knowledge (CBK) that trainers and test developers use as the foundation for CISSP certification programs. (ISC)2 is also responsible for monitoring the professional development of certificants, requiring the ongoing accumulation of continuing education credit hours as a prerequisite to recertification.
Published January 5, 2015 in Certification Magazine
Next-generation firewalls (NGFWs) are all the rage in the information security community. Vendors are clamoring to gain a foothold in enterprises with new and enhanced products that promise to bring contextual awareness to network security. Network professionals considering their first NGFW deployment project should make sure they address some key questions before getting started. These include the rationale for deploying the technology, identifying the location(s) that would most benefit from an NGFW deployment and the selection of capabilities suited for a particular environment.
The current security environment in many organizations involves the use of disparate solutions that focus on one particular component of the organization’s security strategy. For example, network security services often come in the form of firewalls, intrusion detection and prevention systems, network access control and data loss prevention services. While using this approach allows the enterprise to select the most suitable product in each category, it presents the added challenge of managing and monitoring these disconnected systems.
Published December 2014 on SearchSecurity
Today’s increasingly mobile workforce demands ubiquitous, fast wireless access to meet the changing needs of the modern organization. The Wi-Fi networks that used to support this access often grew organically and were not engineered to support the widespread, high-bandwidth needs of users.
The advent of the 802.11ac Wi-Fi standard provides IT professionals with the opportunity to both upgrade their network capacity and redesign their wireless strategy to better support the rapid rise of mobile computing. The new standard boosts performance through a number of improvements including wider channels and better modulation techniques.
Adopting an 802.11ac strategy can increase the value that IT delivers to an organization’s mission. IT professionals should understand the technical features of 802.11ac and how organizations can prepare their networks for this new technology. They can use a number of strategies when adopting 802.11ac, as they strive to implement a best-in-class wireless network.
Read the full CDW white paper: Achieving a Best-in-Class Wireless Infrastructure
Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.