23 October 2009

Business Strategy 2010

Economic recovery, innovation, and demand for new business models will create limitless opportunities in 2010.

Get this business strategy report, go to:Business_2010

www.csoboard.com/Publications

Posted by Jaime Chanaga, CISSP, CISA in Business, Economy | | Comments (0)

|

06 October 2009

Ethics in Cybersecurity

On Monday the U.S. Federal Trade Commission (FTC) announced new rules (Wall Street Journal: http://online.wsj.com/article/BT-CO-20091006-709182.html) that will require internet bloggers to disclose when they have received cash or other payment for endorsing the services and products of a company. While this may news may have caused a stir in the online community, the FTC’s actions made me stop and think about the current business world we live in.

We live in a global business climate where personal responsibility, ethics, and doing what is morally correct are undervalued and often a detriment to a person’s career mobility. I’m not saying every company or corporate culture rewards bad behavior—although I’ve seen some industries and organizations that do reward unethical behavior.  The truth lies somewhere closer to the reality that it is easier for people to look the other way and ignore bad behavior, even to the point of ignoring the personal responsibility for transparency and basic decency in all of our actions individually and collectively.

Fast forward to the information security or “cybersecurity” world we thrive in. Personally I’m saddened that the FTC would have to legislate what should be a basic tenet of being a business professional or in a position of trust as a blogger or celebrity. As working professionals in our respective career fields, there should never be a question as to where our moral compass is showing the way.  As a management consultant, technology executive, and security professional, one thing has always been clear in my mind—the value of personal ethics in all I do.  Have I made my share of mistakes in my career?  Absolutely. Have I learned from those mistakes?  Yes!  Remember that being an ethical person does not guarantee you will not make mistakes.

The information/cybersecurity industry is innovating at an unprecedented speed.  Industry and government regulations attempt to instill personal, cultural, and corporate responsibility. These well intentioned efforts will fail to accomplish their intent unless people take personal responsibility. 

One of the best lessons I’ve learned is that having clear personal responsibility and ethics your words and actions in the security profession is more important than all of the technical or formal knowledge you acquire in the security profession. Trust your moral compass.  Do what is correct, ethical, honest, transparent, and good for your clients, your organization, your community, and our world.

 

Posted by Jaime Chanaga, CISSP, CISA in Business, Cybersecurity, Economy | | Comments (0)

|

07 August 2009

How CEOs Should Think About Information Security

CEOs must fundamentally change their thinking about the strategic and bottom line importance of information security in the 21st century.  Information security and the challenges for the protection of data entrusted to organizations is outpacing government and industry enforcement capabilities. CEOs who understand this sooner will be able to ensure their organizations are better prepared to meet those challenges.

You may read the article "IT is a must" at BT Quarterly: http://www.btquarterly.com/?mc=it-must&page=sp-viewarticle.  Please note you will be required to register for free at BT Quarterly to read the article.

Posted by Jaime Chanaga, CISSP, CISA in Business, Cybersecurity, Economy | | Comments (0)

|

29 May 2009

Cybersecurity: Three trends for 2009

I wrote this report and just published it on my consulting firm's website. This executive report examines three important trends of cybersecurity importance for business. We are facing difficult economic times. Organizations who proactively plan and manage cybersecurity risks will be better positioned to succeed in the global business environment.

To download this report go to:

http://www.csoboard.com/Publications

Posted by Jaime Chanaga, CISSP, CISA in Business | | Comments (0)

|

09 May 2009

UC Berkeley: Data Breach 160,000 Students, Alumni, and Staff at Risk

Seal of the University of CaliforniaImage via Wikipedia

The University of California, Berkeley, has setup a website http://datatheft.berkeley.edu/ informing the general public about a data security breach carried out by hackers who may have accessed a database at the university's campus health services center.

My thoughts...It is my hope, this incident will serve as a wake up call to healthcare organizations and educational institutions of the need for stronger information security management.  I've long believed that healthcare and educational institutions have a greater responsibility for the confidentiality, integrity, and availability of the personal information entrusted to them by their students, staff, and business partners. 

As a former Chief Information Security Officer (CISO) in healthcare, I know first hand the data security and privacy risks for that industry.The healthcare industry collects and processes more personal information on patients, than most financial institutions. For hackers seeking to steal personal information to be able to conduct financial fraud, healthcare organizations are easy targets, given the limited financial resources those organizations have devoted to protecting the personal information of patients, staff, and business partners. Healthcare organizations need to invest in more information security defenses and education for their staff.  Meeting an audit report for regulatory compliance is not sufficient and healthcare organizations must invest in information security as an integral part of their way of doing business.


Reblog this post [with Zemanta]

Posted by Jaime Chanaga, CISSP, CISA in Data Breach | | Comments (0)

|

05 May 2009

8 Million Patients' Personal Data Stolen By Hackers In Virginia

The Virginia Prescription Monitoring Program (PMP) was hit by hackers according to media reports. (See Washington Post: http://voices.washingtonpost.com/securityfix/2009/05/hackers_break_into_virginia_he.html)

The suspected hackers deleted the pharmacy records of 8 million patients in the state's databases and hijacked the PMP website with a $10 million dollar ransom note to return the data records.  The state is referring all inquiries to the U.S. FBI.

More news regarding this incident:

FBI Probes $10M Hacker-Ransom Claim in Virginia
http://www.cbsnews.com/stories/2009/05/05/tech/main4992372.shtml

Alleged hacker demands $10 mil for Va medical records
http://www.timesdispatch.com/rtd/news/local/article/HACKGAT05_20090504-212004/265693/


Posted by Jaime Chanaga, CISSP, CISA in Data Breach | | Comments (1)

|

22 April 2009

SC Magazine 2009 Awards - Winners

During the week that the RSA Conference is held in San Francisco, another event takes place that is always the highlight of the week.  That event is the SC Magazine Awards Gala industry awards.  This is one of those events I look forward to every year and I'm sure many IT security industry companies also look forward to having their solutions honored by an award.

The SC Magazine 2009 Awards Gala event was held last night at the Hilton Hotel were the best awards that I've attended in recent years.  Despite the economic news we hear every day, you could tell from observing the companies attending, nominated, and honored are growing and providing solutions that customers are demanding.  This leads me to believe that the IT industry in general has at least one very large bright spot and that is IT security.

I won't pontificate on the merits of IT security solutions or the value of purchasing those solutions.  I'll let you be the judge of those solutions.  Here is the link for a the list of winners of the SC Magazine Awards 2009 -- http://www.scmagazineus.com/pages/section/945/

Thanks to SC Magazine, the judges, nominees, winners, and most importantly thanks to the customers and clients we in the IT security industry serve.  You, our customers in many industries have allowed us the privilege and honor of serving you with IT security solutions that protect your organizations from risks both on-line and offline.  Thank you for aallowing us to serve you, our customers.

Posted by Jaime Chanaga, CISSP, CISA in Business | | Comments (0)

|

19 April 2009

State of Information Security 2009

I couldn't sleep tonight and was reading on-line on recent cybersecurity challenges and ran across an article in the San Francisco Chronicle regarding this year's RSA Conference.  (See SFGate.com: Somber year for RSA Conference on cybersecurity).  The RSA Conference is one of the largest gatherings of cybersecurity professionals in the world. 

The SF Chronicle article crystallized for me what I have been feeling as an information security professional, a feeling that today more than ever, cybersecurity has a real impact on our daily lives.  Unfortunately due to the current economic crisis, many organizations are being forced to scale back their Information Technology (IT) and information security budgets. 

Organizations should carefully consider their investments in light of current economic conditions and make wise investments in cybersecurity.  Prudent investments in cybersecurity will help to safeguard an organization's intellectual property, business transactions, and the data/information entrusted to them by their clients and business partners.

As I travel to the RSA Conference this week, I hope to interact with other information security professionals and colleagues and learn how they are helping their organizations by adding value and performance improvements to their organizations.

Posted by Jaime Chanaga, CISSP, CISA in Economy | | Comments (0)

|

12 March 2009

Information Systems Security Officer (ISSO) for Office of CTO for District of Columbia Arrested by FBI in Ongoing Investigation

Several media outlets are reporting of an investigation being led by the U.S. Federal Bureau of Investigation targeting officials in the Office of the Chief Technology Officer (OCTO) for the government of the District of Columbia.

According to news reports, Yusuf Acar, the Information Systems Security Officer (ISSO) for the OCTO has been arrested by the FBI.

Yusuf Acar worked for Vivek Kundra, who recently left his role as Chief Technology Officer for the District of Columbia to become President Obama's nominee for Chief Information Officer for the Federal Government.

See more at:

Washington Post - Breaking: D.C. Tech Official Busted in Federal Bribery Sting  http://voices.washingtonpost.com/dc/2009/03/breaking_dc_tech_official_bust.html

Associated Press - FBI searches DC government office, arrests worker
http://www.google.com/hostednews/ap/article/ALeqM5hMT9GSjeFeuiRWPCUKflpfkvfw3QD96SIU584

ABC News - FBI Arrests DC Official
http://blogs.abcnews.com/politicalpunch/2009/03/fbi-arrests-dc.html

Fox News- Obama's Pick for Information Officer Raided by FBI
http://www.foxnews.com/politics/first100days/2009/03/12/obamas-pick-information-officer-raided-fbi/

Posted by Jaime Chanaga, CISSP, CISA in Current Affairs | | Comments (0)

|

06 March 2009

SC Magazine: Leading through the good and bad

SC Magazine: Leading through the good and bad
by Jaime Chanaga, CISSP, CISA - CEO, The CSO Board

As the drumbeat of negative economic updates seems to overwhelm our daily news cycles, we tend to forget that at the heart of any business engine is people.

Read the full article here:
http://www.scmagazineus.com/Leading-through-the-good-and-bad/article/128340/

Posted by Jaime Chanaga, CISSP, CISA in Economy | | Comments (0)

|

Next »

Search this blog

Subscribe to this blog

Jaime Chanaga

  • Jaime Chanaga is one of those rare people who can say he is a consultant, speaker, and author. CSO Magazine calls him, "A man who's barreling down a road that most people are still trying to merge onto.


    His work has attracted clients including executives and over 200 leading organizations. His consulting firm, The CSO Board, LLC is dedicated to helping leaders and organizations solve critical strategic issues make lasting substantial improvements in their performance.

     

    View my complete profile

Social Networks

The CSO Board

  • Dallas Office
    9720 Coit Road, Suite 220-192
    Plano, TX 75025

    Voice: 1 (214) 764 9644
    Fax: 1 (214) 291 5885

Recent Posts

Categories

My Twitter Updates

    follow me on Twitter

    Security Bloggers

    Copyright & Terms of Use

    • © 2009 by The CSO Board, LLC. All rights reserved.

       

      Permission granted to reproduce with proper attribution. This publication contains the opinions and ideas of its author and is designed to provide useful advice and formats to the reader on the subject matter covered. Any references to products or services in that pursuit do not constitute or imply an endorsement or recommendation.

       

      The publisher and author specifically disclaim any responsibility for any liability, loss, or risk (financial, personal, or otherwise) which may be claimed or incurred as a consequence, directly or indirectly, of the use and/or application of any of the contents of this publication. The publisher does not attest to the validity, accuracy, or completeness of this information.

       

      Use of a term in this publication should not be regarded as affecting validity of any trademark or service mark.