Information Security Leader, Author, Instructor and Speaker

Lessons Learned from Six Major Data Breaches

“Every security breach that we read about in the news provides us with an opportunity to reflect upon the root causes of the situation and use those breaches to improve our own security posture. High-profile breaches offer us the ability to learn from the mistakes of others, rather than repeating them ourselves,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published October 2019.
Read the full report: Lessons Learned from Six Major Data Breaches

Posted in White Papers

Security, Privacy and Confidentiality: What’s the Difference?

Campus administrators and faculty understand the importance of protecting sensitive student information. The past two decades have brought us a variety of laws and regulations dictating how we handle student records, as well as a series of high-profile security incidents that underscore the importance of rising to meet these obligations. 

As we discuss the criticality of protecting sensitive student information, we often throw around three terms: confidentiality, security and privacy. While many people use these terms interchangeably, they actually refer to separate but related concepts. Institutions seeking to mature their data protection practices will benefit from providing their constituents with a clear understanding of these interrelated concepts.

Published October 2019 in EdTech Magazine.
Read the full article: Security, Privacy and Confidentiality: What’s the Difference?

Posted in Articles

Don’t Be Victimized by a Supply Chain Attack

Six years ago, a major U.S. retailer suffered one of the most famous data breaches in history. Attackers compromised the company’s retail point-of-sale (POS) system and remained embedded in it for over two weeks, siphoning credit card information that moved through the system during the busy holiday shopping period. When the dust settled, the investigation revealed that the breach affected 41 million consumers.

Incident investigators traced the root cause of the breach back to an unlikely source: An HVAC repair company that served as a contractor to the retailer and had VPN access to its network. An attacker managed to steal the password of an employee of the contractor and used that initial access to work his or her way into the network, install malware on the POS system and instruct it to collect customer information.

Published October 2019 in BizTech Magazine.
Read the full article: Don’t Be Victimized by a Supply Chain Attack

Posted in Articles

Understanding FERPA: How K–12 Schools Can Update Their Data Privacy Approach

Administrators and educational staff at schools around the country understand the importance of protecting student privacy. The Family Educational Rights and Privacy Act, signed into law in 1974 by President Gerald Ford, created clear protections for student educational records, limiting the ways school officials can share those records with outside parties and ensuring parents retain access to information about their children.

FERPA is well known within the educational community, but it is often misunderstood.

Published September 2019 in EdTech Magazine.
Read the full article: Understanding FERPA: How K–12 Schools Can Update Their Data Privacy Approach

Posted in Articles

Is certification a reliable means of learning new IT skills and concepts?

Earning a technology certification requires some significant investments of both money and time. Candidates purchase study materials, pay tuition for training programs, and renew certifications with annual maintenance fees.

Pursuing a new certification typically requires hundreds of hours of preparation, while maintaining existing certifications requires participating in and documenting professional development activities. Is this investment worth it? Are certifications an effective and reliable way to learn new technologies and demonstrate that knowledge to potential employers?

Published September 2019 in Certification Magazine.
Read the full article: Is certification a reliable means of learning new IT skills and concepts?

Posted in Articles

Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing them. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for a few surprises.

The National Institute of Standards and Technology released Special Publication 800-63B: Digital Identity Guidelines — the newest set of guidelines — in mid-2017. Contained within this lengthy government document are dramatic changes in the way the security community thinks about passwords. Take a look at a few prevailing opinions about password security and see whether they are fact or fallacy under this revised guidance.

Published August 2019 in EdTech Magazine.
Read the full article: Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security

Posted in Articles

5 Questions to Ask About Buying AI-Enabled Security Software

Security products incorporating artificial intelligence techniques may reduce the workload for human analysts, taking over the time-consuming job of correlating information sources and mining voluminous logs to uncover suspicious patterns of activity. Vendors, seeing the hype around AI, are quick to slap the label on almost any technology for a cutting-edge veneer. Here are five questions to ask before purchasing an AI-enabled security system.

Published July 2019 in FedTech Magazine.

Read the full article: 5 Questions to Ask About Buying AI-Enabled Security Software

Posted in Articles

Six Niche Security Certifications

Sometimes you have to step off the beaten path to find the right certification. Let’s take a look at the world of computer security certifications, and see which certs some people may be overlooking.

Published July 2019 in Certification Magazine.

Read the full article: Six Niche Security Certifications

Posted in Articles

SIEM vs SOAR: What’s the Difference, and Do Businesses Need Both?

The cybersecurity world is full of acronyms; it’s difficult to go an entire year without vendors beating down the door to promote the latest one as the solution to security woes for businesses. The latest entrant into this progression of technologies is the security orchestration, automation and response (SOAR) platform, a platform that vendors promise will decrease incident response time, improve visibility into the security function and make security teams’ lives easier.

That sounds great, but many businesses have already made significant investments in security information and event management technology. Does implementing SOAR involve throwing those SIEM investments out the window? Let’s take a deeper dive into these questions and explore how SOAR and SIEM fit into the enterprise cybersecurity toolkit.

Published July 2019 in BizTech Magazine.

Read the full article: SIEM vs SOAR: What’s the Difference, and Do Businesses Need Both?

Posted in Articles

IDC PlanScape: Building an Analytics Center of Excellence

“Analytics centers of excellence serve as the nucleus of an organization’s data transformation efforts,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “The center brings together talented staff organized around the common purpose of unlocking the value hidden in business data. Using a centralized approach helps analytics efforts gain the resources they need and develop traction within existing organizational structures that might be otherwise resistant to change.”

IDC Research Report published June 2019.

Read the full report: IDC PlanScape: Building an Analytics Center of Excellence

Posted in White Papers

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple