Hacked or Spoofed?
Do you know the difference? You may have seen a friend request on Facebook from someone you know and had thought you were already friends with. Not thinking anyone is trying to impersonate your friend you may accept their friend request. Others may stop to see if you are in their current friend list. They may see their friend is in fact in their list. Here we often see people naively claiming that an account is hacked when in fact it is spoofed. What the difference? We
What Should be in a Good Cybersecurity Policy
I often get called in to evaluate cybersecurity documentation, more specific policies and procedures. One of the concerns is what to include in such documents. For local governments, it is often easy to borrow a policy or procedure from another local government. As a result, sometimes the policies do not reflect the organization’s culture and may miss items that are important to that organization. However, borrowing policies and procedures can get an organization up and runn
Policy, Procedure, or Plan
Some standards like PCI and NIST require policies that cover specific topics. Sometimes you will see a requirement for a policy and procedure around a given topic, and other times you will see a requirement that says “policy and procedures.” People often get hung up on the terms “policy” and “procedure,” and confuse the two. Here are some of the top questions I get about policies, procedures, and plans. Do I have to use the specific terms policy, procedure, or plan?
Nation-State Threat Actors
There has been a rise in the number of cyberattacks attributed to nation-states. Whether this increase is due to a rise in nation-state activity in this domain or more accurate law-enforcement detection is uncertain; however, it is time to take a look at nation-states as a serious threat actor and start to look at what we know about them. Nation-states’ motivations and capabilities differ from traditional hackers and cybercriminals and as such may require a different respons
Spread the Word on Cyber Safety
As you may know, October is cybersecurity awareness month. Each week has a new theme and this week is about the importance of training our children to be cyber-safe and about the various careers in cybersecurity. I have written several articles about careers in cybersecurity and the growing need for cybersecurity professionals. One thing that I have not blogged about is cyber safety training for children. It is not just about online predators or cyber bullies, it is about tr