By Order of the President

Today President Obama signed an Executive Order that seeks to modernize the digital system in the federal government and increase cybersecurity. The order lays the groundwork for establishing a federal privacy council...

Cybersecurity – Incident Response

People and organizations tend to focus on methods to prevent cyber attacks on their digital systems. While prevention is an important aspect of cybersecurity, it does not address an equally important piece...

If You Only Do One Thing… Data Privacy Day!

Thursday, January 28 is Data Privacy Day. This special day is celebrated across Europe, Canada, and the United States. The purpose of Data Privacy Day is to promote an awareness of data...

Encouragement, Mentoring, Admonishment

A wise man—a father figure to me—once explained that he would almost always begin mentoring on some need for change through encouragement. Encouragement failing, he would exhort. Exhortation failing, he...

EHNAC Releases Final 2016 Criteria Versions for 18 Accreditation Programs

The security of the data that rests in the servers of the health care industry is of great concern to the general public and government agencies. Assuring that the data remains confidential,...

Senate Takes More Action

Late last year the US Senate voted overwhelmingly to pass CISA, the Cybersecurity Information Sharing Act. That piece of legislation requires organizations to share cyber information between private entities and various government...

The Executive Wire Scam

Dear Social Engineering Diary, Phishing attacks have been with us for many years. This sub-type of spam involves sending a mass of emails with a generic message that often seeks money....

Martin Luther King Day…and Thoughts on Cybersecurity

Monday, January 18th is Martin Luther King Day, a federal holiday that is observed on the third Monday of January in recognition of his life’s work. Dr. King once said “The function of education...

Dorkbot

In recent years there have been a substantial number of new and modified malware samples attacking our digital systems. Some have had mundane names, while others have had more flamboyant names, e.g....

Risk Analysis in Healthcare

Recently a healthcare organization was fined $850,000 for HIPAA violations. At the top of the list of non-compliant activities was the failure of the organization to conduct a thorough risk analysis of...

Law Enforcement Cybercrime Series Tools, Tactics & Techniques Social Engineering: ‘Dumpster Diving’

‘Dumpster diving’ is no longer just for homeless people looking for food or those looking for furniture to repurpose. Cyber-criminals are gaining valuable information to manipulate people and organizations through the social...

Social Engineering Strikes Again!

Everyone with a vested interest in cybersecurity was at first shocked at the media headlines: “CIA Director John Brennan and DHS Secretary Jeh Johnson emails hacked.” Once over the initial shock and...

Cybersecurity Is Alive and Well in US Nuclear Power Plants

The nuclear power industry is working hard to protect its plants from cybersecurity attacks. The NRC issued 10 CFR 73.54, “Protection of digital computer and communication systems and networks,” which requires power...

Cybersecurity – Access Control

Cybersecurity controls are methods for mitigating risks to digital systems that can be applied to provide a higher assurance that those systems are protected. While this provides actions that help to prevent...