The Weakest Link written by Allan Pomerantz
E-Discovery: Stick ‘em Up
July 17, 2008 – 6:00 am
This column is not strictly about information security, although IS has a role to play. Rather, it covers a topic that should be of significant interest to the people normally concerned with IS – information technology, compliance, and especially the CFO and the CFO.
First, a disclaimer. The…
Medical Identity Theft: Your Money or Your Life
June 19, 2008 – 6:00 am
What could be worse than ID theft of your financial identity? After all, you could lose thousands of dollars, spend days on the phone with financial institutions, credit bureaus, and merchants. Your interest rates could climb on your credit card debt due to the practice of “universal default”…
The Password Dilemma: Improving the Mundane
May 27, 2008 – 6:00 am
The weaknesses of passwords used for authentication and authorization are well known. In fact, many security experts feel that using a password as the only means of accomplishing these goals constitutes “worst practices.”
As a result, some higher risk entities (banks, governments, etc.) are…
Human Fallout and the Security Impact of the Sub Prime Crisis
May 13, 2008 – 6:00 am
By now everyone has heard of, or should I say felt, the impact of the Sub-prime crisis on the economy as a whole and on US financial institutions. In particular, the big banks have been affected by having to write off billions of dollars in losses.
In order to help restore their balance sheets, these…
Intentional Security Blindness
April 29, 2008 – 6:00 am
In previous columns I talked about two types of employees, contractors, and the like who could cause your organization harm through poor security practices resulting in loss of data, money, or trade secrets, etc. The first type were people who caused such losses inadvertently through security…


