#69 – CYBER SECURITY VULNERABILITIES – MARK BERNARD

I wrote the following article to help clarify cyber security threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerability and Exposure database. For added context below I included statistics from the Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management; however, there is an equally important emphasis on regular security testing and integration with product development and change management.

#64 – ARE THE FEDS MANDATING ERM? YES. – GREG HUTCHINS

The Office of Management and Budget (OMB) is requiring US agencies and departments to manage risks at the enterprise level.

Why?

Ebola? Wars? Shootings? Civil unrest? Global warming? Droughts? You name it. The unexpected is happening – all too often. The unexpected has become the expected. Not only in the US – but the world over in government and the private sector.

#56 – WHAT IS A FRIEND? – CAROLYN TURBYFILL

In my personal experience, people have very different definitions for “friend” and “acquaintance”.

Having lived and worked in countries with military dictatorships, dangerous social, religious and political unrest, I have what I called a “Third World” definition of a friend. My definition of a friend is someone you can trust with your life and the lives of your friends and family.

This kind of friendship includes not doing things that can cause other people to be threatened or harmed to get to you, or whom you may harm by revealing or even insinuating a confidence. I have lived in places where people write out a “Statement of Conscience” – which represents what they believe and stand for, and can be used to counter anything they may be coerced into saying through threats or torture.

#50 – BLACKMAIL & BOUNTIES & BITCOIN – OH MY! – Dr. Carolyn Turbyfill

Do you have an old Hotmail account lying around? What would you do if:

  • Someone took control of an account belonging to you – using public information to answer the security questions that allow you to reset a password.
  • Used your compromised account to break into other more sensitive accounts – your business, bank, etc.
  • Then blackmailed you for $20,000 with the threat of selling your identity and accounts to ‘fraudsters’ who ‘would ruin your life’?

#41 – THE NEW CYBER WARFARE & ISO 27001 – EDWARD HUMPHREYS

Cyber threats continue to plague governments and businesses around the world. These threats are on the rise as cyber criminals increase their focus and know-how. The problem demands an international solution. ISO/IEC 27001 provides a management framework for assessing and treating risks, whether cyber-oriented or otherwise, that can damage businesses, governments, and even the fabric of a country’s national infrastructure.