Expose the Gaps in Your SSL Security Posture with Venafi Labs Vulnerability...
Venafi is pleased to announce the availability of the Venafi Labs Vulnerability Report. In the last 12 months, trust-based attacks that make use of, or abuse, the trust established by keys and...
Global Security is Like Running a Marathon While Juggling
I’ve often been asked to provide some insight from a CISO perspective on how the threat landscape has changed and how, as a CISO, I’ve had to ensure business continuity while ensuring the environment...
Key and Certificate Management vs. Key and Certificate Security—Time for a...
Even though your organization is spending millions in security technology to protect the business and stop adversaries, cybercriminals are still getting away with your data. It’s time to take a long...
Attack on Trust Threat Bulletin: APT Operators Exploit Heartbleed
Situation On 20 August 2014, TrustedSec reported that Advanced Persistent Threat (APT) operators exploiting Heartbleed were responsible for the data breach of 4.5 million Community Health System...
Complying with Data Security Laws and Regulations? Congratulations, You’re...
Dig Deeper for Security Vulnerabilities Business is booming and electronic information systems are running smoothly. You’ve passed all compliance audits and feel confident in your ability to defend...
Following a Major Attack, the PCI SSC Announces Securing Cryptographic Keys...
Just last week, an exploit of the Heartbleed vulnerability that used compromised keys and certificates became public. Community Health Systems (CHS) was breached following incomplete Heartbleed...
SSL Vulnerabilities in Your Mobile Apps: What Could Possibly Go Wrong?
The majority of people and consumers don’t usually think about security and data privacy when they log into their mobile banking app, take a photo of the check, and make a mobile deposit directly into...
PCI Business-as-Usual Security—Best Practice or Requirement?
I’m attending the 2014 PCI Community Meetings in Orlando and the PCI SSC kicked off the conference with a presentation by Jake Marcinko, Standards Manager, on Business-as-Usual (BAU) compliance...
Malicious Security—Can You Trust Your Security Technology?
Encryption and cryptography have long been thought of as the exemplars of Internet security. Unfortunately, this is not the case anymore. Encryption keys and digital certificates have become the...
2015 PCI SIG Presentations—Rallying the Vote for Securing Keys and Certificates
Today, at the 2014 PCI Community Meetings in Orlando, the 2014 PCI Special Interest Groups (SIGs) provided updates on their progress and presentations were given on the 2015 PCI SIG proposals in hopes...
Trust Is a Necessity, Not a Luxury
Mapping Certificate and Key Security to Critical Security Controls I travel all over the world to meet with CIOs and CISOs and discuss their top-of-mind concerns. Our discussions inevitably return to...
Failing to Protect Customers’ Trust Will Impact Your Business
In my last blog on “SSL Vulnerabilities in Your Mobile Apps: What Could Possibly Go Wrong?” I reported on the latest threats facing many enterprises today, because enterprises are failing to secure the...
Attacks on Trust Driving Compliance Evolution
When it comes to cybersecurity, any new regulatory compliance measure or guidance is typically driven by a significant expansion of associated real-world threats and incidents. For example, in October...
Payments and Private Key Protection
There have been a lot of retailers making headlines for payment system breaches, where millions of credit card numbers have been stolen. After a breach, the retailer has to take a hard look at the...
Allocating 2015 Budget for Key and Certificate Security
Right now many enterprises are in final stages of their 2015 budget cycles and many are allocating budget for one of the most important problems and highest areas of risk: protecting the trust...
Malicious Security—Can You Trust Your Security Technology?
In my previous post, I discussed the first three steps of four showing how a typical trust-based attack can be broken up into the following: 1) theft of the key, 2) use of the key, 3) exfiltration of...
Budget for Key and Certificate Security as a Critical Security Control
In the recent blog post on Allocating 2015 Budget for Key and Certificate Security, by Tammy Moskites, the CISO and CIO of Venafi, she emphasizes how unsecure keys and certificates can undermine...
PCI SIG Voting Now Open—Vote for Securing Keys and Digital Certificates Proposal
I know that meeting and maintaining PCI DSS compliance is a major undertaking for fellow CISOs and teams, and our collective efforts to do so improve the overall security of our organizations....
Forrester Research Uncovers Gaps in Mobile Certificate Security
The increasing reliance on mobile devices and applications is driving the need for mobile certificates to ensure that devices and applications are secure, authenticated, and encrypted for enterprise...
Payments and Private Key Protection, Part 2
Since last month’s blog where I started to discuss the importance of protecting private keys in payment networks, even more retailers have made the news for credit card data breaches. I also personally...