An information security incident can damage your reputation and cost a lot to recover from. Such breaches often are caused by the action or inaction of people associated with the company not handling the physical security of sensitive information properly. Every person working in an organization has a role to play in keeping information secure … Read more
I was delighted to collaborate with Camille Beshara of Larson Skinner PLLC on a presentation about security incident and breach notification preparedness for the legal session during CMLS 2019. While there is guidance available on creating a plan to respond to such incidents, I thought that there would be some benefit for attendees if … Read more
I’ve been writing articles for others more than for my own blog these days, but it’s nice to have them posted here too. This article first appeared on the CoreLogic Insights Blog and included some great collaboration with Ethan Bailey. The real estate industry is increasingly aware of the dangers of ransomware, which have … Read more
Recently, while we were discussing a contract, an industry executive needed me to give an explanation of the difference between a “security audit” and a “penetration test.” The party with whom the executive was negotiating the contract had changed the contractual requirement from the one to the other. Since this might be of interest … Read more
When organizations create policy requiring screen-scraping and other automated attack prevention and monitoring, it’s important for those organizations to be specific enough to ensure that compliance with policy can be measured in some way. Indeed, it is equally important for the organization to ensure that their technology contracts contain clear and explicit terms that … Read more
