This category contains 1253 posts

Self-Driving Information Security

The prospect of autonomous self-driving vehicles becoming a pervasive presence on our roadways seems more likely every day. From the big automakers to Tesla to Google to Uber, a wide range of companies are investing a tremendous amount of money to create a world without carbon-based drivers. The motivation for a big payday abounds, but the … Continue reading

(ISC)² Delivers Recommendations to White House Chief of Staff, Urging Prioritization of Workforce Development in Final Cybersecurity EO and Beyond

In a recent blog post, I encouraged our U.S. government members to think short-term and be cautious to draw conclusions within the first 90 days of the Trump Administration. I also mentioned that one of (ISC)²’s immediate goals was to deliver a set of recommendations to the presidential team. In advance of the new administration’s … Continue reading

My Transition From IT Audit to CISO

My transition from internal IT auditor to CISO in banking felt natural because, while working as an auditor, I developed a strong knowledge of information security and control concepts while also improving my communication skills. Communication skills are crucial to the success of a CISO. Effective communication helps build positive relationships with employees at all … Continue reading

Viewing Cybersecurity as a Business Enabler Versus a Money Pit

A data breach can cause a loss of revenue, destroy shareholder value, erode consumer trust and even open you up to legal consequences, whereas better security can add value to a company by preventing attacks, detecting breaches faster and mitigating the damage caused by cyber threats. The Ponemon Institute’s 2016 Cost of Data Breach Study … Continue reading

The Rise of Wireless Security Cameras and the Risks They Pose

While there’s a lot of conversation about cyber security and physical premises security, the two rarely overlap. But when you study wireless security cameras, you experience a rare convergence of digital and physical. Do you know everything you need to know about this potentially risky technology? Next time you’re walking down a busy street, take … Continue reading

Pulling the Brake on the Magnitude EK Train

This blog goes into detail on recent work that Unit 42 has done to identify malicious sites associated with the Magnitude Exploit Kit (EK). It details the investigation process involved in identifying the algorithm used to generate domains used by the Magnitude EK. Defenders can use the provided data to identify possible domains that may … Continue reading

Ewind – Adware in Applications’ Clothing

Since mid-2016 we have observed multiple new samples of the Android Adware family “Ewind”. The actors behind this adware utilize a simple yet effective approach – they download a popular, legitimate Android application, decompile it, add their malicious routines, then repackage the Android application package (APK). They then distribute the trojanized application using their own, … Continue reading

Do Your Customers Feel Safe? Here’s How to Help

It’s not enough to make customers safe. I’ve worked with several businesses that did everything they were supposed to on the back end, including hiring IT security professionals, developing safer websites, and actively monitoring for threats—but customers never see the back end. In addition to making customers safe, enterprises have to make them feel safe, … Continue reading

The Outlook for Biometrics Security

Deloitte Technology, Media and Telecommunications predicted recently that more than 1B devices would be reader-enabled for biometrics by the end of 2017. This is a very significant milestone for many reasons. Over the years, there has been a lot of hype about the potential of biometrics for authentication and other purposes, but the lack of … Continue reading

Faces of ISACA: Integrity Central to Santor’s Career Success

One of the most influential conversations in Cheryl Santor’s career required plenty of gumption. Santor, working in IT at a mortgage banking firm in the 1990s, had major concerns about non-proprietary memory that had been installed, jeopardizing the main system for collecting loan information. She voiced her concerns to her CIO in no uncertain terms, … Continue reading


@PhilipHungCao, SACS, CISM, CCSP, CCSK, GICSP, CASP, CIW-WSP, PCNSE7, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
