Author: Johna Till Johnson

Infosec professionals are well familiar with the phenomenon of Transport Layer Security (TLS) interception. For everyone else, some background: TLS is the successor to SSL, once the default encryption protocol. TSL provides the underpinnings for many common security protocols, including secure HTTP (HTTPS). Protocols like TLS...

[vc_row][vc_column][vc_column_text]Does security awareness training really matter, or is it a frill? Consider this: Last week, DefensePoint Security, a Virginia-based government cybersecurity contractor, announced its employees’ W-2 tax data had been compromised. But the company wasn’t hacked. It turns out that someone inside the company fell...

Earlier this week I discussed the three top mistakes that companies make when assessing cybersecurity insurance. Now it’s time to take a look at what to consider when assessing insurance coverage. As noted previously, the best way to conduct this review is for the CISO and...

We are witnessing a transformation in information technology that will have a profound impact on how business and technology teams work together. The MIS teams of the 1960s and ‘70s focused narrowly on back-office systems and then transformed into IT, which expanded to include all...

Executive Summary Cyber attacks on businesses and governments are more common than ever before, and are likely to increase. The precipitous rise in breaches over the last decade has created a market for specialized liability policies aimed at mitigating the effects of a breach. Nemertes’ 2016...

The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in New York State to go into effect in January 2017, with demonstrated compliance required by affected firms (“covered entities”) by January 2018. The regulations are groundbreaking...

For years, it seemed as though AT&T and Amazon viewed each other as competition. Despite depending on the network for its very existence, Amazon treated the network as a commodity: Users only needed cheapest-possible Internet services to connect to Amazon--including to its market-leading Amazon Web...

Executive Summary IT organizations are moving toward a risk-management approach to information security. But what does that mean, and how can infosec professionals actually implement such an approach? What does it mean to take a “risk-based” approach to security budgeting? Nemertes outlines our Business Risk Portfolio...

In our 2016/2017 Security and Risk Management Benchmark and Maturity Model, we highlighted a set of "bellwether technologies": Technologies that, we believed, would characterize the most sophisticated security organiztions. By and large, the technologies we selected were, in fact, considerably more likely to be deployed...