Tag: News

Items of Interest: Week of 6/15/2015

Throughout the week I share interesting tidbits I come across with my co-author, Christian. He said I tend to look at some pretty interesting stuff and suggested that I start compiling a list of links relevant to the risk3sixty blog. Below are my links for the week of 6/15/2015, along with a short description of each: Malware used Foxconn digital certificate [...]

June 19th, 2015 | IT Audit & Compliance | 0 Comments

TSA Failure Highlights the Importance of Audit and Assurance

Executives should love IT auditors because auditors provide something every CEO/CIO wants: a view into the operating effectiveness of their company or department. Without audit functions a company might be wasting money and manpower, or spending a lot of time doing things that have no impact on the business. Today, a story broke that an audit of the TSA's security procedures revealed [...]

The 50 Most Used Passwords!

Last week I helped a few friends with setting up a new website for their business and their associated email accounts for the domain. At one point in the process, one of them told me the password they wanted to use to access the site. Not shockingly, it was something rudimentary and simple. Despite more and more of us being educated [...]

Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones. This presents more questions about how [...]

March 30th, 2015 | Privacy Compliance | 0 Comments

The Next Big Security Concern: The Internet of things and harvesting your private conversations

People often ask what "the next big thing" in IT security will be. In years past we've seen the rise of "big data", "the cloud", "cybersecurity", and so on - but what's next? I personally think one of the biggest unsolved problems in tech is the security of the "internet of things". The "internet [...]

March 26th, 2015 | Privacy Compliance | 0 Comments

How to Fix the Lenovo Superfish Security Hole

By now, everyone who works in the realm of IT security has heard of the Lenovo Superfish fiasco. Today, I'm going to give a moderately technical overview of self-signed root certificates and how Superfish exploited them. After this post, each of you can check the root certificates installed on your systems and take action against anything that looks “fishy” (pun totally intended). [...]

March 2nd, 2015 | IT Audit & Compliance | 0 Comments

Advice for Taking the CISA Exam

This past December I took the ISACA CISA exam and I’m pleased to announce that last week, I got my confirmation letter stating that I passed in the top 10 percentile of fellow test takers! With the test passed and the experience still very fresh on my mind, I felt I should take the opportunity to share my experience and any advice [...]

January 22nd, 2015 | IT Audit & Compliance | 29 Comments

Payment Tokenization: the Future of Electronic Transactions

Credit card data is notoriously susceptible to theft (Home Depot and Target). The problem stems from the use of a single set of data points to authenticate your card for payment. For example, when you visit a merchant or online retailer, a single number, expiration date and CVV (card verification code) are used again and again for all purchases, everywhere, for years. This gives [...]

December 11th, 2014 | IT Audit & Compliance | 0 Comments