A Q&A with Matt Barrett, COO of Cyber Engineering Services Incorporated (CyberESI) First introduced in 2014, the National Institute of Standards and Technology (NIST) CyberSecurity Framework (CSF) has since become a widely held best practice far beyond the commerce industry. To get some perspective on the framework and how it’s evolved over the past five…

A Q&A with Wyatt Hoffman of Carnegie Endowment for International Peace As cyber-attacks continue to mount, private organizations are ramping up their security activities, and many wonder whether “active cyber defense” is the answer. Of course, what constitutes “active cyber defense” is an emerging debate for international lawmakers and policy makers, says Carnegie Endowment for…

A Q&A with Brian Schaeffer of OceanFirst Bank N.A. It’s a given that cyber attackers will target financial institutions but community banks and credit unions may be more vulnerable, with fewer resources to devote to security and the assumption, among perpetrators, that they’re an easier mark. I spoke to Brian Schaeffer, Chief Information Security Officer…

A Q&A with Jim Leonard of InfoArmor One of the newer and potentially more promising weapons being deployed in the battle for cyber security is machine learning, in which systems can improve themselves based on experience and previous data. We asked Jim Leonard, Director with the Advanced Threat Intelligence unit at InfoArmor for some insight…

A Q&A with David Hylender 2017 marked the tenth year for the Verizon Data Breach Investigation Report, an invaluable resource for understanding the current landscape in cyber security. This year 65 organizations from around the world reported 1,935 confirmed breaches and 42,068 data loss incidents. I asked David Hylender, senior risk analyst at Verizon Business,…

NetDiligence® Security Advisory – October 17th, 2017 KRACK WPA2 Wi-Fi Exploit Status and Protection Tips This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis….

NetDiligence® Security Advisory – May 14th, 2017WannaCry/WannaCrypt Exploit Protection Tips This NetDiligence Security Advisory is published for the benefit of our cyber insurance carrier/broker clients and their insureds. We urge clients to take special note of the details included in this Advisory and take preventative/remedial action on a timely basis. Clients are welcomed to distribute…

A Q&A with Winston Krone of Kivu Consulting
Encryption is a best practice that helps safeguard private data “at rest” (in the database). However, most companies don’t deploy encryption. Instead, they might say they use “compensating controls” instead of encryption, which include the tokenization or hashing of data. To find out more about the differences between encryption, hashing and tokenization and the relative advantages and disadvantages to each approach, we spoke with Winston Krone, managing director of Kivu Consulting, which offers investigation, discovery and analysis to businesses facing data breach incidents.