Information Security Leader, Author, Instructor and Speaker

Designing a Risk Management Strategy for SaaS Solutions

“Organizations are adopting cloud technology as a routine business practice. SaaS vendors offer compelling business cases for reducing cost, increasing agility, and improving customer and employee satisfaction. However, the use of these services introduces new risks that IT leaders must consider and manage as they continue to deploy SaaS applications,” said Mike Chapple, adjunct research analyst, IDC’s IT Executive Programs (IEP).

IDC Research Report published March 2019.


Read the full report: Designing a Risk Management Strategy for SaaS Solutions

Posted in White Papers | Leave a comment

Evaluating Intrusion Prevention Systems in Higher Education

Colleges and universities continue to find themselves the targets of large-scale cyberattacks. Some of these come from foreign sources, such as Iranian hackers targeting university professors or Chinese attackers seeking out sensitive defense-related research. Others are more mundane, such as the phishing attack that compromised two East Tennessee State University employees’ email accounts.

No matter the source, the bottom line is clear: higher education institutions have valuable information and resources, and attackers are actively working to steal those valuable assets.

Published March 2019 in EdTech Magazine.

Read the full article: Evaluating Intrusion Prevention Systems in Higher Education

Posted in Articles | Leave a comment

How Government Can Leverage CASBs and Improve Cloud Visibility

Agencies may already have tools in place to track the presence of sensitive information within internal systems, but the process becomes far more complicated when cloud ­services are involved. Cloud access security brokers (CASBs) can help solve this challenge.

The issues that arise from staff use of cloud services — which can range from complete infrastructure deployments to specialized cloud-based apps — come in two forms.

Published February 2019 in FedTech Magazine

Read the full article: How Government Can Leverage CASBs and Improve Cloud Visibility

Posted in Articles | Leave a comment

A rebooted CCSP certification exam is coming

In just a few short months, the Certified Cloud Security Professional (CCSP) certification offered by IT security professional association (ISC)² will undergo its first refresh since hitting the market in 2015. The CCSP has quickly gained in popularity over its brief four-year existence — it is already (ISC)²’s second-most widely held certification, trailing only the long-established and globally popular CISSP credential.

It may not seem like 2015 was that long ago, but change is constant in the information technology (IT) realm. Let’s take a look at the changes that have occurred in the cloud security landscape over the past four years and how those changes are reflected in the content of the revised CCSP exam.

Published February 2019 in Certification Magazine

Read the full article: A rebooted CCSP certification exam is coming

Posted in Articles | Leave a comment

IDC PlanScape: Threat Intelligence Solutions

“Threat intelligence is a foundational component of a modern cybersecurity program,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “Today’s threat environment simply changes too quickly for individuals to keep abreast of developments on their own. Threat intelligence programs provide both qualitative assessments of the field and actionable, automated solutions that bolster existing security defenses.”

IDC Research Report published February 2019.
Read the full report: IDC PlanScape: Threat Intelligence Solutions

Posted in White Papers | Tagged | Leave a comment

The CIO’s Playbook: Preparing for Data Breach Notifications

“The days and hours immediately after a data breach are critical,” said Mike Chapple, adjunct research analyst with IDC’s IT Executive Programs (IEP). “Organizations that suffer a data breach should quickly take action to rebuild the confidence of affected individuals and shape the message shared with the media. Mistakes made early in the process can cause financial and reputational damage with lasting impact.”

IDC Research Report published February 2019.
Read the full report: The CIO’s Playbook: Preparing for Data Breach Notifications

Posted in White Papers | Tagged , , | Leave a comment

5 Tips for Updating a Cybersecurity Incident Response Plan

Many security teams are operating with incident response plans that haven’t been updated — or even looked at — in months or years. That’s a big mistake. While revising documentation is nobody’s idea of a good time, an outdated plan is rarely useful to anyone. IT security professionals should revisit their plans regularly to ensure that they’re ready to meet their organizations’ needs based upon their current operating environment and the modern threat landscape.

Incident response plans are often first created to check a box — perhaps there’s an upcoming technology audit, or you’re certifying against a new security standard or seeking to comply with a new regulation. Whatever the impetus, technology leaders often pull together the first version of an incident response plan in a hurry to meet a deadline, then put it back on the shelf to gather dust.

That approach might fulfill an immediate need, but the plan certainly isn’t a useful tool to help guide an organization when an incident occurs. A well-designed incident response plan serves a much more important purpose: It brings the calm, collected environment of the planning room into the chaos of a security incident. Here are five things organizations can look for as they seek to revitalize their organizations’ incident response plans.

Published January 2019 in BizTech Magazine.
Read the full article: 5 Tips for Updating a Cybersecurity Incident Response Plan 

Posted in Articles | Tagged , | Leave a comment

IDC’s Worldwide Digital Transformation Use Case Taxonomy, 2019: Higher Education

“To continue to be relevant to society and to students, all institutions face the need to transform their academic capabilities using digital technologies,” says Ron Babin, adjunct analyst with IDC’s IT Executive Programs (IEP). “No part of the institution is untouched by digital transformation, although some aspects of digital transformation are current, demanding attention, while others may be a few short years into the future,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP).

IDC Research Report published January 2019.
Read the full report: IDC’s Worldwide Digital Transformation Use Case Taxonomy, 2019: Higher Education

Posted in White Papers | Leave a comment

Cloud Access Security Brokers Give IT Staff Visibility and Oversight

Colleges and universities are rapidly expanding their use of cloud services, ranging from complete infrastructure deployments to specialized applications. This leaves cybersecurity teams in the difficult position of trying to track the flow of sensitive information.

Although they may have tools in place to track the presence of sensitive information within internal systems, this process becomes far more complicated when employees use cloud services. Cloud access security brokers can help resolve this complexity.

The issues that arise from employee use of cloud services come in two forms. First, employees may use cloud services without the knowledge of IT staff. They might discover a new service on their own, open an account, then transfer sensitive information into the cloud account. 

Published January 2019 in EdTech Magazine.
Read the full article: Cloud Access Security Brokers Give IT Staff Visibility and Oversight

Posted in Articles | Tagged | Leave a comment

Security Automation: Eight Things You Can Do Now for Security at Scale

Automation plays an increasingly important role in cybersecurity programs,” said Mike Chapple, adjunct research analyst at IDC’s IT Executive Programs. “Automation serves as a force multiplier by taking routine tasks off the plate of the cybersecurity team and allowing specialists to focus their effort on adding higher-level value to the organization.”

IDC Research Report published December 2018.
Read the full report: Security Automation: Eight Things You Can Do Now for Security at Scale

Posted in White Papers | Tagged | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple