Information Security Leader, Author, Instructor and Speaker

The CIO’s Playbook: Preparing for Data Breach Notifications

“The days and hours immediately after a data breach are critical,” said Mike Chapple, adjunct research analyst with IDC’s IT Executive Programs (IEP). “Organizations that suffer a data breach should quickly take action to rebuild the confidence of affected individuals and shape the message shared with the media. Mistakes made early in the process can cause financial and reputational damage with lasting impact.”

IDC Research Report published February 2019.
Read the full report: The CIO’s Playbook: Preparing for Data Breach Notifications


5 Tips for Updating a Cybersecurity Incident Response Plan

Many security teams are operating with incident response plans that haven’t been updated — or even looked at — in months or years. That’s a big mistake. While revising documentation is nobody’s idea of a good time, an outdated plan is rarely useful to anyone. IT security professionals should revisit their plans regularly to ensure that they’re ready to meet their organizations’ needs based upon their current operating environment and the modern threat landscape.

Incident response plans are often first created to check a box — perhaps there’s an upcoming technology audit, or you’re certifying against a new security standard or seeking to comply with a new regulation. Whatever the impetus, technology leaders often pull together the first version of an incident response plan in a hurry to meet a deadline, then put it back on the shelf to gather dust.

That approach might fulfill an immediate need, but the plan certainly isn’t a useful tool to help guide an organization when an incident occurs. A well-designed incident response plan serves a much more important purpose: It brings the calm, collected environment of the planning room into the chaos of a security incident. Here are five things organizations can look for as they seek to revitalize their incident response plans.

Published January 2019 in BizTech Magazine.
Read the full article: 5 Tips for Updating a Cybersecurity Incident Response Plan 


IDC’s Worldwide Digital Transformation Use Case Taxonomy, 2019: Higher Education

“To continue to be relevant to society and to students, all institutions face the need to transform their academic capabilities using digital technologies,” says Ron Babin, adjunct analyst with IDC’s IT Executive Programs (IEP). “No part of the institution is untouched by digital transformation, although some aspects of digital transformation are current, demanding attention, while others may be a few short years into the future,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP).

IDC Research Report published January 2019.
Read the full report: IDC’s Worldwide Digital Transformation Use Case Taxonomy, 2019: Higher Education


Cloud Access Security Brokers Give IT Staff Visibility and Oversight

Colleges and universities are rapidly expanding their use of cloud services, ranging from complete infrastructure deployments to specialized applications. This leaves cybersecurity teams in the difficult position of trying to track the flow of sensitive information.

Although they may have tools in place to track the presence of sensitive information within internal systems, this process becomes far more complicated when employees use cloud services. Cloud access security brokers can help resolve this complexity.

The issues that arise from employee use of cloud services come in two forms. First, employees may use cloud services without the knowledge of IT staff. They might discover a new service on their own, open an account, then transfer sensitive information into the cloud account. 

Published January 2019 in EdTech Magazine.
Read the full article: Cloud Access Security Brokers Give IT Staff Visibility and Oversight


Security Automation: Eight Things You Can Do Now for Security at Scale

“Automation plays an increasingly important role in cybersecurity programs,” said Mike Chapple, adjunct research analyst at IDC’s IT Executive Programs. “Automation serves as a force multiplier by taking routine tasks off the plate of the cybersecurity team and allowing specialists to focus their effort on adding higher-level value to the organization.”

IDC Research Report published December 2018.
Read the full report: Security Automation: Eight Things You Can Do Now for Security at Scale


IDC PlanScape: Launching a Bug Bounty Program

“Bug bounty programs incentivize security researchers to test your systems for weaknesses and then provide you with an opportunity to fix the problems and strengthen your defenses,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “These programs allow you to benefit from the collective thinking of a large community of security professionals. You’ll have more minds focused on your security posture than you could ever hire as employees or consultants.”

IDC Research Report published December 2018.
Read the full report: IDC PlanScape: Launching a Bug Bounty Program


5 Steps to Integrate a Business’ Security Solutions

Your organization probably has a diverse set of security tools working to help reduce your risk profile and combat active threats. You might have a vulnerability scanner seeking out unpatched systems, an intrusion prevention system monitoring network traffic, a firewall controlling the border, and a threat intelligence vendor feeding you current information about the adversary.

But how well do these tools work with each other? If you’re like many of us, these tools may exist in silos only to be linked together by the work of cybersecurity analysts. One of the best ways to quickly improve the efficiency of your team is to build integrations between security tools, allowing them to work in harmony while minimizing user intervention.

Let’s take a look at five things that you can do right now to better integrate your security tools.

Published October 2018 in BizTech Magazine.
Read the full article: 5 Steps to Integrate a Business’ Security Solutions


4 Ways to Keep Sensitive Data from Escaping to the Public Cloud

Think about how many cloud services you use every day. Chances are that it’s a mixture of services managed by your employer and others that you’ve chosen to use in your personal life.

As an IT professional, you might carefully manage the separation between those worlds, but it’s easy for non-IT users to accidentally spread information from their work life into their personal cloud services. When this happens without IT staff being aware of it, the institution is at risk of exposure to loss, theft or public disclosure of sensitive information.

Let’s look at four ways to manage faculty and staff use of cloud services to detect data leaks and repatriate improperly exposed data.

Published September 2018 in EdTech Magazine.

Read the full article: 4 Ways to Keep Sensitive Data from Escaping to the Public Cloud 


How to Choose Between Penetration Tests and Vulnerability Scans 

Even seasoned cybersecurity professionals confuse penetration tests with vulnerability scans. Both play an important role in the security practitioner’s toolkit, but they vary significantly in scope and expense. Here are answers to some common questions about the topic.

Published August 2018 in EdTech Magazine.
Read the full article: How to Choose Between Penetration Tests and Vulnerability Scans 


Security Certifications: Seven Things CIOs Need to Know

“Cybersecurity certification programs play an important role in our professional community,” said Mike Chapple, adjunct research analyst, IDC. “They demonstrate an individual’s commitment to the profession and willingness to study cybersecurity topics with both breadth and depth. CIOs should recognize the importance of these programs but also be mindful of their limitations.”

IDC Research Report published July 2018.
Read the full white paper: Security Certifications: Seven Things CIOs Need to Know


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple