For decades IT and InfoSec have been looked upon as money suckers as a result of the poor understanding of their value and the true role they play in creating revenue. The idea of removing IT and InfoSec from a cost center view has stirred up strong emotion on Twitter. Read more…
Growing up, I had DARE & abstinence-only education, which were comprehensive national education programs designed to educate children and keep them safe. They are an easy sell with a “wholesome” and straightforward answer to an otherwise complicated subject. “Just Say NO!” can be readily understood by young and old and Read more…
When a company has a break down in its processes blame is assigned based on whom the process owner is and the individual(s) responsible for completing the missed or an improperly executed task. When a low-level process is broken such as the case was with Experian and the missing Apache Struts patch that allowed an attacker to gain a foothold in their information system and steal 152 million records, I see little reason to start chopping off the heads of senior leadership. Processes should be reviewed at a regular interval that is appropriate for the businesses operational environment (annually, semi-annually, quarterly, or monthly). In Experian’s case, I believe there was a systematic breakdown where the process was broken, and no one up the chain of command was notified. A CIO and CSO at a company as large as Experian don’t have the time or resources to personally check-up on every department nor should they be required to micro-manage. Mid-level and upper-level management should be feeding data to the C-suite at their meetings and if something was off or missing it should’ve been addressed. (more…)
In case you haven’t heard, James Damore is suing Google for discrimination based on political beliefs for which he was fired. The legal complaint is lengthy, and I’ve read most of it. I say most of it because it contains constant harassment and discrimination claims by various people within Google. (more…)
Any proposal for the change, creation or removal of rules that the FCC is going to bring for a vote must have a period for public comments. The purpose of the public comments is for people to voice support for or against the proposal and to provide a substantive legal argument for or against the proposal. (more…)