Posted October 18th, 2017

The Long Tail of Equifax Data

Like most security professionals, I have been glued to various security news sites waiting for more details to be revealed from the Equifax breach. Last month, it was announced that Equifax’s CEO has stepped down.[1] In the wake of Equifax’s loss of 145 million records, 3 C-level leaders have been removed. In consideration of the fallout from Equifax,… [read more]

Posted April 10th, 2015

PCI Compliance, HIPAA, HITECH and Holistic Data Protection

Photo source: PCI Compliance and Data Security

A dichotomy exists between information and data – and the way that information and data are discussed, stored, protected, and used. Any number of people reading this might identify themselves as working with “Information Systems” in the field of “Information Technology,” and some of them work with… [read more]

Posted January 31st, 2014

POS Malware – Same Malware, Different Merchant – Black Swan Event

An article titled “A First Look at the Target Intrusion, Malware,” posted January 15 by @briankrebs, contained an initial analysis of BlackPOS, a POS malware targeting retail systems. Retail POS, along with other related software including security systems and software, appears to be a common weak link. The hackers have concluded that if you focus on… [read more]

Posted October 10th, 2013

Digital Certification Authorities and Data Breaches

Author: Bill Corbitt

Abstract

This paper analyzes several recent breaches of major players in the security industry, in particular security products vendors and Certificate Authorities (CAs). Distinct patterns and relationships have emerged that have allowed the prediction of the next set of potential targets. Without the implementation of stringent compliance standards for CAs one… [read more]