bills's blog

A CSO Breakfast Club member in Baltimore sent me this link to an article about a recent discovery of 100 million Facebook user's pages on a torrent site.  The danger of this huge list of Facebook users and their personal data is it opens them up to data mining for potentially malicious intent.

I found this interesting article in the NY Times that helps explain the somewhat addictive nature of social media sites like Facebook.  The article makes light of the merry-go-round of changing Facebook privacy settings.  The author explains that users of Facebook find these privacy setting changes almost as painful doing their tazes or dealing with the utilities.  Take a look and give me your thoughts.

Many of our firm's employees and consultants are Gen X and Gen Y'ers.  These employees use social media services for nearly all their communications.  Email is almost passe' for this group.

For most members of the CSO Breakfast Club, social media represents a clear security risk for a number of reasons. Social media sites have become a haven for malware insertion.  Additionally, users of social media services often post information that is considered sensitive.

The CSO Breakfast Club is hosting its next breakfast series on the topic of Social Media - Its Impact on Enterprise Information Security and Privacy.  CSO Breakfast Club Members - spread the word!  We are looking for executives from the social media companies such as Facebook, Twitter, Linkedin, Yahoo, AOL/AIM and others to address us and tell us why we should not be concerned.

Have them contact me immediately at bill@csobreakfastclub.com

This Thursday, June 17th, at our Boston Chapter breakfast roundtable on Cloud Security we will hear from IANS Faculty Member Joshua Corman.  Joshua Corman is the Research Director for Security at The 451 Group.  In addition to hearing from Joshua we will hear from experts at Solutionary and Sourcefire, our event sponsors.

This past week we wrapped up breakfast sessions in Baltimore and DC.  Our members seem to have a strong opinion about the cloud.  Given that most of our members are CISOs from rather large enterprises, they expressed reluctance to move much into the cloud until security is better defined. 

As we launch into our breakfast series on Cloud Security, I thought I'd get a few things into the blog.First, I know that most of us recognize that the cloud is just another name for outsourced, third-party services that we have used forever.  It used to be called Time Sharing, ASP, Outsourcing, and a host of other names.However, I do believe that the current version of services from giants like Google and Amazon and others is a bit different in that we really don't know where I data will reside.  To me, that's one of the biggest concerns.

We are hosting our regional Retail & PCI Security Forum at the Omni William Penn Hotel in Pittsburgh this Thursday May 27th.  Bob Russo, GM of the PCI Security Standards Council is our Keynote Speaker.

As the event approaches I have been reflecting back to conversations I've had with CISOs across the US over the past few years as the PCI DSS has evolved.  I always wonder if it has helped improve security and actually reduce the risk to credit card data.

Matt Moynahan, CEO of Veracode spoke at our DC breakfast 2 weeks ago and is speaking again at our NY breakfast this Friday May 7th. In addition to Matt Moynahan, Veracode has provided Paul Zymba Director of Customer Success as well as Chris Wysopal - the company CTO to speak to various chapter during our current series on Third Party Vendor Risk Management. See our interview with Chris Wysopal below.

Here are a few things to get you all up to date.

This week we hold our Third Party Vendor Risk Management breakfast events in our Pittsburgh and Philadelphia chapters on Thursday and Friday respectively.  Go to the events calendar and register for the events if you have not already.  We are very excited to have Michelle Dennedy VP of Security & Privacy Solutions from ORACLE presenting along with Chris Wysopal, CTO at Veracode in both cities.