Information Security Leader, Author, Instructor and Speaker

How to Choose Between Penetration Tests and Vulnerability Scans 

Even seasoned cybersecurity professionals confuse penetration tests with vulnerability scans. Both play an important role in the security practitioner’s toolkit, but they vary significantly in scope and expense. Here are answers to some common questions about the topic.

Published August 2018 in EdTech Magazine.
Read the full article: How to Choose Between Penetration Tests and Vulnerability Scans 

Posted in Articles

Security Certifications: Seven Things CIOs Need to Know

“Cybersecurity certification programs play an important role in our professional community,” said Mike Chapple, adjunct research analyst, IDC. “They demonstrate an individual’s commitment to the profession and willingness to study cybersecurity topics with both breadth and depth. CIOs should recognize the importance of these programs but also be mindful of their limitations.”

IDC research report published July 2018
Read the full white paper: Security Certifications: Seven Things CIOs Need to Know

Posted in White Papers

Cybersecurity Threats: Eight Things CIOs Need to Know

“It’s no secret that cybersecurity adversaries have become increasingly sophisticated over the past few years,” says Mike Chapple, adjunct research analyst, IDC. “Organizations seeking to protect their information assets in this day and age must remain cognizant of evolving threats and design security controls that remain effective not only against the threats of today but also provide protection against the unknown threats of tomorrow.”

IDC Research Report published July 2018.
Read the full report: Cybersecurity Threats: Eight Things CIOs Need to Know

Posted in White Papers

Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

The worldwide market for cybersecurity products and services will surpass $95 billion this year, according to Gartner. That’s a staggering amount of money, and it represents an 8 percent increase in the size of the market since the beginning of 2017.

Is all of that spending really necessary? Much of it is, of course. But in my experience, many organizations purchase new security solutions without first conducting a thorough risk assessment and gap analysis to identify and prioritize their security needs. Some never evaluate their ability to meet emerging threats with existing resources.

Following such an assessment, an organization may conclude that new controls are required, but they may also discover that upgrades and configuration changes to existing controls are also needed — or, perhaps, are all that’s needed — to provide a solid, layered defense.

Read the full article: Why You Should Conduct Risk Assessments Before Buying New Cybersecurity Products

Published May 2018 in BizTech Magazine

Posted in Articles

An old exam format is making an IT certification comeback

In a quiet announcement last year, cybersecurity industry association (ISC)² made a major change to its long-established flagship testing program. Starting in December of 2017, the Certified Information Systems Security Professional (CISSP) exam moved to a new exam format: adaptive testing. This change took effect in December for all test-takers sitting for the English-language version of the CISSP exam.

Social media immediately lit up with concern, as test-takers tried to figure out what effect the announcement would have on their test-taking experience, as well as how the changes to the CISSP exam would affect the difficulty and content of the exam. Let’s take a look at adaptive testing in general, discuss ways that you might prepare for an adaptive certification exam, and then talk about how this change might affect the IT certification industry over the coming years.

Read the full article: An old exam format is making an IT certification comeback

Published May 14, 2018 in Certification Magazine

Posted in Articles

Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

This week’s collapse of the Iranian nuclear deal justifiably caused global consternation at the thought of Iran moving closer to becoming a nuclear power.

There is, however, a much more immediate threat. Iran is already a cyber power and has a history of launching hacking attacks against American interests.

Restoring sanctions removes an important deterrent to those cyberattacks and may have immediate adverse consequences.

The United States and Iran have quietly waged cyberwar for more than a decade. The U.S. fired the first shot in this war as early as 2007 after joining forces with Israel to use malicious software to destroy equipment at Iran’s Natanz uranium enrichment facility.

Published May 10, 2018 on CNBC.

Read the full story: Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

Posted in Articles

Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know

This IDC Perspective identifies five crucial principles that IT executives must understand about the use of cybersecurity insurance to transfer portions of an organization’s cybersecurity risk to an insurance carrier. Modern cybersecurity insurance policies require that organizations undergo a rigorous control assessment and surrender some control of the incident response process to carrier representatives. When chosen carefully, cybersecurity insurance policies limit an organization’s financial exposure in the event of a major breach.

“Hardly a month goes by without a major cybersecurity breach making national news. From Equifax to Yahoo! and from hospitals to schools, cybersecurity incidents cross industries and organization sizes. Many organizations are turning to cybersecurity insurance policies to limit their financial losses in the event of a security incident that compromises sensitive information or systems,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published May 2018.
Read the full report: Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know

Posted in White Papers

How to Really Protect Your Digital Privacy: Move to Europe

Facebook CEO Mark Zuckerberg’s testimony before Congress last week highlighted the burgeoning importance of digital privacy in the minds of legislators and the American public. It may also mark the beginning of a long-overdue privacy awakening in our country.

Now is the right time for the U.S. government to acknowledge and defend Americans’ privacy rights by developing a comprehensive framework of legal protections.

The European Union has long embraced privacy in a much more thorough manner than the U.S. has. Global companies, including Facebook, have spent the last two years preparing for a new privacy regime scheduled to arrive in Europe on May 25. The General Data Protection Regulation (GDPR) will implement a 21st century digital bill of rights for EU residents by updating privacy regulations that first went into effect in 1995.

Read the full article: How to Really Protect Your Digital Privacy: Move to Europe

Published on April 17, 2018 in Fortune

Posted in Articles

Segment Your Campus Network for Stronger Security

Campus networks carry almost every type of network traffic imaginable. Faculty and staff computers are similar to the devices in any workplace, but they’re just the tip of the iceberg in higher education. Students connect video game consoles, smart assistants, cameras and even smart microwaves to the same networks that connect temperature sensors and research equipment.

Published April 11, 2018 in EdTech Magazine

Read the full article: Segment Your Campus Network for Stronger Security

Posted in Articles

Feds Can Optimize Disaster Recovery Solutions in the Cloud

Every IT leader shares this nightmare: critical systems down, users enraged, data lost. Without reliable and timely access to data, political leaders and agency staff cannot carry on their work, and constituents cannot rely on their government. Disaster-recovery programs ensure those groups that their data will be protected from loss and available for use, no matter the emergency.

Published March 2018 in FedTech Magazine.
Read the full article: Feds Can Optimize Disaster Recovery Solutions in the Cloud 

Posted in Articles

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

@mchapple