Password Advice – xkcd
6th October 2016
“What about ‘correct horse battery staple’ style passwords?” has been the response to our password manager post. There is a famous xkcd comic posted above suggesting that using four ‘random words’ together would make a great password. Here at Fractional CISO we have a view of the security of such passwords… eh. It is true that…
-- READ MORE
Password advice from the wicked
25th September 2016
Internet ransomers, hackers, and scammers all have password advice for you… keep your passwords simple, don’t change them and use the same ones for every site. Unfortunately many of us follow this terrible advice. Not having a good password scheme can lead to significant financial, privacy, social and career problems. Instead of following what…
-- READ MORE
Business Email Compromise
19th May 2016
“Please wire $70,000 to the account below.” If your staff got these instructions from “you” via email, would they do it? Would they confirm in person with you first? What policies, procedures and systems do you have in place to prevent such an action when the “you” is not you? You may believe that this…
-- READ MORE
How to check if someone is really a CISSP
30th April 2016
The Certified Information Systems Security Professional (CISSP) is the most prestigious security certification. People with the certification demonstrate a comprehensive understanding of many aspects of security as well as many years of relevant experience in the security space. The test is one of the more challenging tests with a fair number of experienced security professionals…
-- READ MORE
Temporary CISO
28th March 2016
A Temporary CISO is the interim appointment of a CISO at an organization for a period of transition. Often an Temporary CISO is needed during a period of crisis for instance during a security breach, because of a key departure or because the existing CISO needs to take a leave of absence for personal reasons. However, it may…
-- READ MORE
Interim CISO
25th February 2016
An Interim CISO is the temporary appointment of a CISO at an organization for a period of transition. Often organizations need an Interim CISO during a period of crisis. The organization needs to hire the Interim CISO quickly due to a departure. Sometimes the existing CISO may need to take a leave of absence for health…
-- READ MORE
How Registered Investment Advisors can avoid the SEC’s cybersecurity wrath
7th December 2015
In the course of providing investment guidance to consumers, Registered Investment Advisors (RIAs) collect significant personal and financial information for their clients. Hackers have learned that targeting RIAs can be a fruitful source of valuable information. The Security and Exchange Commission (SEC) has turned its attention toward RIA cybersecurity, issuing strong guidance on how RIAs…
-- READ MORE
Welcome to Fractional CISO!
2nd November 2015
Fractional CISO is intended to solve the challenges that we have encountered being responsible for security at a medium-sized cloud company. Many cloud companies charters do not have security as the primary responsibility but security is one of the first questions that customers ask and one of the biggest risks to your company’s success. Many leaders…
-- READ MORE
