Information Security
Thursday, November 13, 2014
In Summary
The last twelve weeks have led me to research a variety of Information Security related topics, primarily surrounding data security and breaches. Learning from the exposures found at Healthcare.gov, Target, Home Depot and Dairy Queen, we can begin training our companies and ourselves how to handle these constantly changing risks, which will keep us employed for many years to come. We have new technology and methodologies to help us, but we must take it upon ourselves to be always vigilant in maintaining the data that we possess and how we handle it. I found my topics from a variety of sources, starting each week with a Google search of news items related to Information Security. I think this type of blog is useful for a professional in that it necessitates staying current with security topics. Always trying to stay one step ahead of the bad guy.
Saturday, November 8, 2014
Target Completes Overhaul of New Security Staff
Target announced this week that they have hired a new chief risk and compliance manager, Jacqueline Hourigan Rice, who will report directly to the company's CEO. Her position will work directly with the new CISO who was hired in June, Brad Maiorino, who reports to the new CIO that was hired in April, Bob DeRodes. This complete overhaul of information security and risk policy, as well as elevation of the new and existing positions within the company, should help Target stay one step ahead of the next attack. The new focus also gives me a strong sense that I have made a wise decision and selected a field that is in high demand for my post-graduate degree.
Sunday, October 26, 2014
Russia and China to Agree on Information Security Measures
It was announced this week that officials from Russia and China are seeking to establish an agreement on information security, specifically to stop any potential escalation from cyber attacks. At first glance I am skeptical of any agreement between Russia and China, mainly because of... history. However, it appears on the surface that they are taking these steps in order to simply "cooperate" (whatever that means).
Sunday, October 19, 2014
Federal Government to Use Pin and Chip Technology
I was in South Africa earlier this year for business. The first night out at dinner our group split the check evenly, and the two of us from the US found it very strange when the waitress approached the table with a portable credit card terminal. It turned out that most countries in Africa use advanced chip and pin technology in order to prevent credit card fraud. Our dinner mates found it very strange that we would just hand our cards off to a complete stranger to take across the restaurant to pay the bill... I had to agree this was not the best method. Last week I ordered my first chip and pin card from my credit card company, which happened to arrive on the same day that President Obama ordered all federal agencies to begin using chip and pin terminals for transactions. Seems a bit late, but at least we are taking steps to secure ourselves against fraud.
Saturday, October 11, 2014
Standards of Due Diligence
Chapter 7 of our text discusses standards of due diligence, under which certain organizations are legally required to maintain a certain level of security (Whitman & Mattord, 2014). A quick Google search led me to this article on hedge fund businesses and how they must always stay ahead of the technological curve. They can no longer simply state that their due diligence has been done; they must often prove how it has been tested. Thinking about the world's financial markets, and the hundreds of billions of dollars in hedge funds, it makes sense to me that standards for security will be developed here. People with that kind of money are always targets, and it is easy to understand why their systems must be completely secure.
Whitman, M. E., & Mattord, H. J. (2014). Management of Information Security. Stamford: Cengage.
Saturday, October 4, 2014
Security Awareness Training Is Top Priority
According to a study published this week by PwC, security-related incidents continue to rise, creating staggering losses for large companies. The main cause of the incidents remains employees, which, to no surprise, may be why employee security awareness training programs are the top priority among the firms surveyed. Education and prevention are far more favorable than spending on recovery efforts. For some reason this makes me think of Smokey the Bear and his motto, "Only You Can Prevent Forest Fires". InfoSec needs a spokesbear, too.
Saturday, September 27, 2014
Dairy Queen Breached?
Forbes reported this week on "The Top 5 Information Security Breaches No One is Talking About". It was interesting to me to hear about the different, very large, companies and organizations that had been breached but that the major news organizations did not report widely on. This makes me wonder: where is the corporate responsibility with regard to reporting breaches, or ensuring that consumers are aware that they may be impacted? I know that I have gone to Dairy Queen several times this summer and I never received any type of notice that I might be impacted. When Target was breached, I hadn't shopped there in months and I received a new debit card anyway. Are there laws that dictate when consumers must be informed of breaches? I will look into this more...