Author: Johna Till Johnson

Many companies are moving towards a DevOps model for developing and deploying software and infrastructure. DevOps is also a bellwether technology for organizations: Companies that have the most mature cloud and data center strategies are three times as likely to use DevOps as are companies...

The past few weeks have seen a spate of infrastructure-related cybersecurity vulnerabilities. On March 8th, Apache released a critical vulnerability alert (CVE) regarding a significant vulnerability in its Struts 2.0 open-source enterprise Java framework, which is widely used in enterprise deployments. The vulnerability permits remote code execution (RCE) in the framework; recommended mitigation strategies include upgrading the framework or changing implementations.

Infosec professionals are well familiar with the phenomenon of Transport Layer Security (TLS) interception. For everyone else, some background: TLS is the successor to SSL, once the default encryption protocol. TLS provides the underpinnings for many common security protocols, including secure HTTP (HTTPS). Protocols like TLS...

Does security awareness training really matter, or is it a frill? Consider this: Last week, DefensePoint Security, a Virginia-based government cybersecurity contractor, announced its employees’ W-2 tax data had been compromised. But the company wasn’t hacked. It turns out that someone inside the company fell...

Earlier this week I discussed the three top mistakes that companies make when assessing cybersecurity insurance. Now it’s time to take a look at what to consider when assessing insurance coverage. As noted previously, the best way to conduct this review is for the CISO and...

We are witnessing a transformation in information technology that will have a profound impact on how business and technology teams work together. The MIS teams of the 1960s and ’70s focused narrowly on back-office systems and then transformed into IT, which expanded to include all...

Executive Summary: Cyber attacks on businesses and governments are more common than ever before, and are likely to increase. The precipitous rise in breaches over the last decade has created a market for specialized liability policies aimed at mitigating the effects of a breach. Nemertes’ 2016...

The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in New York State to go into effect in January 2017, with demonstrated compliance required by affected firms (“covered entities”) by January 2018. The regulations are groundbreaking...