Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: CSO/CISO Perspectives

You Say “ISAC,” I Say “ISAO”

– The White House sponsored a “Summit on Cybersecurity and Consumer Protection” at Stanford University on Friday the 13th of February, 2015 to discuss privacy, data protection and public-private cyber-threat information sharing. They invited the CEOs of major companies. Google, Facebook, Amazon…

Some Data Breaches are “Ordinary”

– Given enough time and a large number of events, it seems that we eventually become inured to major incidents. At least that is what you would think if you read David E. Sanger’s article “Countering Cyberattacks without a Playbook” in The New York Times of December 24, 2014. Here is what…

Putting Application Security into Context

– For some time now, I have wondered why InfoSec practitioners are paying so little attention to context with respect to application security and why InfoSec professionals and software safety engineers do not collaborate as much as they should. Then I read a column on the Op Ed page of The New York…

Yet Another Case of Third-Party Breach Discovery

– On the front page of the Business Day section of The New York Times of November 1, 2014, is an article by Matthew Goldstein and Nicole Perlroth with the title “Luck Helped in Discovery of Breach at JPMorgan.” It never ceases to amaze me how few publicized data breaches are actually discovered…

Cybersecurity—Eliminating Vulnerabilities and Weaknesses at the Source: A Comparison with Malaria … and Ebola

– It has always bothered me that infosec professionals spend so much of their time chasing around after threats and vulnerabilities, many of which could have been avoided if only suitable requirements, design and hygiene had been observed at the outset. While this might seem like a simple concept,…