El Diario del CISO (The CISO Journal) Edition 34 | Page 8
Thinking and Working for a Digital Security Leader

Tip Toeing Through Cyber Insurance
Founder & CEO, TAG Cyber LLC

“If you took all the men and women employed in the U.S. insurance industry and laid them head to toe, starting on New York’s William or John Street – the little-talked-about insurance industry equivalents of neighboring Wall Street – they would stretch up the West Side Highway, head to toe, over the George Washington Bridge into N.J., down the N.J. Turnpike to the Pa. Turnpike, across Pa. into Ohio, through Ohio along Interstate 80 past Chicago, past Des Moines, past Lincoln, Nebraska – still head to toe, one after another – past Cheyenne, Wyoming to someplace just shy of Salt Lake City.”

With that line, typed in 1982, probably with WordPerfect, Andrew Tobias began the best book ever written on insurance: The Invisible Bankers. If you’ve never read the book, I heartily recommend you grab an old copy. Most references and numbers are dated – a $20K salary, for example, is listed as a decent wage. But the concepts remain super relevant. And for those of us in the cyber security industry, education on insurance is essential.

Who’s the subject of the latest data breach? A: Quora
Cybersecurity writer at The Threat Report, Cylance, Venafi, Tripwire

I've just spent the past few days preoccupied with the Marriott International data breach, one of the largest known data breaches yet. Here’s what I wrote recently:

“Now the latest big data breach story is about Marriott, a very large international hotel chain. The breached data pertains to people who have stayed at Starwood Hotels and Resorts properties at least once between 2014 (no approximate date is given) and September 10th, 2018. If you didn’t stay at a Marriott branded hotel during this time period, there’s still reason for you to be concerned. The Starwood Hotels and Resorts chain includes the W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection properties, Tribute Portfolio properties, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels. Interestingly enough, although the press release reporting the breach is under the Marriott International name, Marriott-specific data wasn’t involved in this breach because the Starwood and Marriott reservation databases are still separate.”

Marriott breach fallout includes renewed calls for US privacy law, class-action lawsuits
Ryan Chiavetta, CIPP/US

Marriott International discovered a data breach within its Starwood reservation system that could have potentially compromised the information of 500 million customers. Unsurprisingly, given the scale of the incident, responses to the breach have been strong and swift.

Lawmakers on Capitol Hill have cited the Marriott breach as another reason why the U.S. needs federal privacy rules. Senate Intelligence Committee Vice Chair Mark Warner, D-Va., said the incident should strengthen Congress' resolve to pass laws that require data minimization and "ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.” Warner's sentiment was shared by Sen. Richard Blumenthal, D-Conn.

Security in Software Development and Infrastructure
Editor of Cermati Tech

Nowadays, the concerns regarding security and privacy are growing among the users of technology. Considering that Cermati is a financial technology company, security is one of our main concerns when designing and implementing our system due to the amount of sensitive financial data we’re handling.

The idea of this article came from a coworker of mine — our engineering manager, Michaela Nathania. She told me that she’d like me to share about information security with our engineering team, either by talking in our internal tech talk or by writing. I consider myself a better writer than speaker, and I think writing it down will allow me to deliver the message in a more scalable way for the long term. So here it is in the form of an article.

The 4 Pillars of a Lasting Cyber Security Transformation
Founder and MD - @CorixPartners

Simply throwing money at the problem is rarely

Many CIOs and CISOs would have come across this situation after an incident, a serious near-miss or a bad audit report: Suddenly, money and resources — which were previously scarce — appear out of nowhere, priorities shift, and senior executives demand urgent action around

It is probably the dream of many CISOs to inherit one day such a transformational challenge where money is — apparently — no object. In practice, however, it can also be a curse if you fail to deliver.

What are the key factors in driving successful transformation around cyber security?