onShore Security’s Security Compliance Officer Chris Johnson discusses how to determine an organizations’ cybersecurity maturity.

 

Segregation of Duties

Segregation of duties, and specifically segregation of cybersecurity management duties, is a practice that helps mitigate risks that integrated IT/security staffing can fail to reduce or even enable in the first place. The concept of segregating duties as risk management is already in place in some areas in financial institutions. For example, the chief lending officer would not be the person approving loans, nor would one person alone be in charge of outgoing wires. This practice can and should be extended into a financial institution’s cybersecurity operations, but it is common in IT to see one person responsible for both setting up and monitoring the email system or to be responsible for both the network and penetration testing. [Read more…]

The following is a guest blog, published with the author’s permission. Click here to read the original post at Tressler LLP.

Here It Is: The Decision That Tells Data Collectors Exactly What They Should Have Known Before They Had A Breach

A class action entitled Wade v. ABM Indus. Inc., 2018 CH 3855 was initiated last week against ABM Industries (“ABM”) in Illinois based on allegations that ABM recently breached its employee’s Personal Information.  In summary, the class action plaintiff claims he was damaged by his employer, ABM, “when it ‘allowed hackers to obtain access to Plaintiff’s and other employees’ Personal Information.”  In particular, the class action plaintiff claims his Personal Information “should not have been susceptible to unauthorized access through the use of one of the oldest, and least sophisticated types of cyber-attacks – the ‘phishing email scheme.’” [Read more…]