April 16, 2013    /    by

BYOD for You: New Guidebook for Employees to Bring Your Own Device

I am excited to announce the release of my new eBook on the hot topic of mobile technology and specifically bringing your own device to work (BYOD).

As described yesterday by Sarah Rich in this piece called BYOD Recommendations and Dilemmas, the focus of the book is to provide a guide for employees who use their own smartphone, tablet or other mobile device for both personal and professional tasks.

The new eBook is called BYOD for You: The Guide to Bring Your Own Device to Work. The specific details on the eBook, as well as the introduction, can be found at the “BYOD for You” book website: www.byod4u.com or Facebook.com/byod4u.

April 7, 2013    /    by

What if George Washington's rules of decency were adapted for social media?

Recently, my family was discussing lesser-known facts about our first President, George Washington. The intriguing conversation centered on George Washington’s 110 Rules of Civility & Decent Behavior in Company and Conversation. How can we apply these rules to online decency today?


If you’re not familiar with this important corner of history, here’s a brief excerpt from the introduction to George Washington’s rules, drawn from Foundations Magazine online:

March 31, 2013    /    by

Futurists: In-body computers and higher-stakes for security

What are futurists predicting regarding technology? And for security, what is coming down the road?

The book 1984 was written by George Orwell in the 1940s. Words and concepts such as “Big Brother,” “doublethink,” “thoughtcrime,” “Newspeak” and even “Orwellian” come from this famous literary work.

More than sixty years later, philosophers still argue about what Orwell would say about the Internet, technology in 2013 or our future, if Orwell were alive today. Students continue to read and learn from Orwell and debate questions about security, privacy and monitoring on the Internet today.

March 24, 2013    /    by

Why trashing security awareness training is a bad idea

There has been a lot of discussion over the past few months regarding an article entitled: Why you shouldn't train employees for security awareness. Here's my response.

This viral article from last summer is still very popular. It was written by Mr. Dave Aitel, who is the founder and CEO of Immunity. If you’re not familiar with this debate on the value of cyber awareness training, I recommend taking ten minutes to check out Mr. Aitel’s views and the corresponding comments.

After reading this article as well as many rebuttals, I believe a few common themes emerge:

March 17, 2013    /    by

New NIST Cybersecurity Framework: Your Input Needed

The National Institute of Standards and Technology (NIST) issued a press release recently announcing the development of a new framework to reduce cyber risk. What do they need right now? Your input.

The day after President Obama released the “Improving Critical Infrastructure Cybersecurity Executive Order,” the National Institute of Standards and Technology (NIST) issued this press release announcing the development of a new framework to reduce cyber risk.

What do they need right now? Your input by April 8.

March 9, 2013    /    by

The Top 100 Most Innovative Infrastructure Projects in the World

What are the top infrastructure projects in the world? Why were they chosen? What projects are hot in North America? How is cloud computing changing the way business is conducted?


These were just a few of the questions that are answered in the annual study performed by KPMG which outlines the Infrastructure 100: World Cities Edition.

March 3, 2013    /    by

Three Takeaways from the 2013 RSA Conference in San Francisco

The largest cybersecurity conference in the world was held this past week - RSA in San Francisco. The 2013 show was as big and, in reality, overwhelming as ever. Here are a few takeaways.

There are literally thousands of articles and press releases that come out each year about the companies, products, awards, people and the hottest global security topics related to the greatest IT security show on earth.

There are so many conference sessions, side-meetings, receptions, demonstrations, bake-offs, dinners (and lunches and breakfasts), separate conferences running concurrently and more that it is hopeless to think that attendees can participate in even a small fraction of the available activities. The vendors know that most security leaders with influence are somewhere in San Francisco during the week, and they all want to have “face-to-face” time over a meal or coffee.

February 24, 2013    /    by

Seven Actions for Governors on Cybersecurity: A Transcript from the NGA Winter Meeting 2013

Yesterday, I was given the opportunity to speak on a panel at the National Governors Association (NGA) Winter meeting in Washington. Here is a transcript of my opening remarks which offer seven actions for Governors to take on cybersecurity.

Yesterday, I was given the opportunity to participate as a member of a panel entitled "States and Cybersecurity" at the National Governors Association (NGA) Winter meeting in Washington. This Health and Homeland Security Committee session was broadcast live on CSPAN and can be viewed here.

The other panelists discussing cybersecurity were Richard A. Clarke, Chairman and CEO of Good Harbor Security Risk Management, and David Hannigan, Chief Information Security Officer at Zappos. We were asked to focus our opening remarks on action steps that states could take and not elaborate on the cybersecurity threat situation, which was covered in another briefing.

February 19, 2013    /    by

Reactions to the President's EO on cybersecurity are all over the map

What are bloggers and other commentators saying about the new EO on cybersecurity and PPD-21?

Most readers of this blog already know that President Obama released an executive order last week on the topic of cybersecurity. The actual text of the executive order, along with the text of the more detailed Presidential Policy Directive / PPD-21, offers a glimpse into the future of our cybersecurity battles in America over the next few years.

I have waited almost a week to comment so that I could summarize global reaction to these new edicts. As I mentioned before the executive order came out, new guidance on cybersecurity was almost inevitable for a variety of reasons. Well, now the federal government’s sector-specific agencies have their marching orders, and like it or not, it appears to be time for critical infrastructure owners and operators to get on board the ship and do more to address weaknesses and raise the bar on cyber protections.

February 10, 2013    /    by

Report: Executive order on cybersecurity coming after State of the Union address

According to Bloomberg, President Obama plans to release an executive order on cybersecurity soon after the State of the Union address.

The State of the Union address is scheduled for Tuesday, February 12.

The administration, which has been drafting the order for at least six months, plans to set up voluntary cybersecurity standards for owners and operators of critical infrastructure such as water treatment plants, electric utilities and railway systems.