Category Archives: C-Level

[Podcast] Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part Two

In part two of my interview with Varonis CFO & COO Guy Melamed, we get into the specifics of data breaches, breach notification and the stock price. What’s clear from our conversation is that you can no longer ignore the risks of a potential breach. There are many ways you can reduce risk. However, if you choose not to take action, at least have a conversation about it. Also, around 5:11, I asked a question…

[Podcast] Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part One

Recently, the SEC issued guidance on cybersecurity disclosures, asking public companies to report data security risk and incidents that have a “material impact” and that reasonable investors would want to know about. How does the latest guidance impact a CFO’s responsibility in preventing data breaches? Luckily, I was able to speak with Varonis’ CFO and COO Guy Melamed about his perspective. In part one of my interview with Guy, we discuss the role a CFO has in preventing insider threats…

Another GDPR Gotcha: HR and Employee Data

Have I mentioned recently that if you’re following the usual data security standards (NIST, CIS Critical Security Controls, PCI DSS, ISO 27001) or common-sense infosec principles (PbD), you shouldn’t have to expend much effort to comply with the General Data Protection Regulation (GDPR)? I still stand by this claim. Sure, there are some GDPR requirements, such as the 72-hour breach notification, which will require special technology sauce. There’s also plenty of fine print that…

Interview With Wade Baker: Verizon DBIR, Breach Costs, & Selling Boardrooms on Data Security

Wade Baker is best known for creating and leading the Verizon Data Breach Investigations Report (DBIR). Readers of this blog are familiar with the DBIR as our go-to resource for breach stats and other practical insights into data protection. So we were very excited to listen to Wade speak recently at the O’Reilly Data Security Conference. In his new role as partner and co-founder of the Cyentia Institute, Wade presented some fascinating research on the…

CEO Phishing: Hackers Target High-Value Data

Humans like to click on links. Some of us are better at resisting the urge, some worse. In any case, you’d also expect that people in the higher reaches of an organization — upper-level executives and the C-suite — would be very good at resisting phish bait.

Harpooning the Whale

Alas, even the big phish like to chomp on the right links. We now have even more evidence that cyber thieves are getting better at…

Privacy by Design Cheat Sheet

Privacy by Design (PbD) has been coming up more and more in data security discussions. Alexandra Ross, the Privacy Guru, often brings it up in her consultations with her high-tech clients. Its several core principles have been adopted by U.S. government agencies and others as de facto best-practice policies. PbD is about 20 years old and is the brainchild of Ann Cavoukian, formerly the Information & Privacy Commissioner of Ontario, Canada. Why haven’t…

Top 8 Minds in Online Privacy

1. Alessandro Acquisti @ssnstudy

Acquisti is a professor of computer science at Carnegie Mellon University, and is also a researcher at CyLab, a data security research center at CMU. He’s best known for an experiment in which he photographed random students on the Mellon campus and used off-the-shelf facial recognition software to match against head shots found in Facebook profiles. Result? He connected photos to names and locations of students. And with additional information, he was…