Information Security Leader, Author, Instructor and Speaker

The 5 Cybersecurity Must-Haves for Every Business

Walking the exhibition hall at a modern cybersecurity trade show can be a dizzying experience. Vendors from every angle tout products bearing seemingly urgent new capabilities (and new acronyms to match). The unspoken implication is that failure to purchase the latest solution will result in certain cybersecurity doom.

It’s hard to separate the signal from the noise to determine which security solutions will really move the needle for a business.

Here’s the thing, though: Robust cybersecurity programs revolve around a core set of solutions that provide the foundation for a strong cybersecurity operations team. Let’s take a look at a few of the technologies that should be in almost every business environment today.

Published December 2019 in BizTech Magazine.
Read the full article: The 5 Cybersecurity Must-Haves for Every Business

Posted in Articles | Leave a comment

Adapt These Settings for a Faster Windows 10

When Microsoft launched Windows 10 in 2015, the company set a goal of hitting 1 billion installed devices within three years.

Two years later, 500 million devices were running Windows 10. That’s a little behind Microsoft’s aggressive target, but half a billion installed devices is a tremendous footprint. Now that we’re approaching the January 2020 end-of-life deadline for Windows 7, Windows 10 will continue to gain steam in higher education and beyond.

As it does, IT professionals can take a few simple steps to tweak performance and improve the user experience. Windows 10 includes new features that provide better power management and troubleshooting. Those tools, combined with some traditional Windows techniques, can dramatically improve the end-user experience and stretch limited IT budget dollars by extending the usable life of endpoint hardware.

Published November 2019 in EdTech Magazine.
Read the full article: Adapt These Settings for a Faster Windows 10

Posted in Articles | Leave a comment

Plan Well for a Hybrid Cloud Environment and See Efficiencies

Early on, cloud computing promised to simplify enterprise computing, transferring mundane work to service providers. But agencies that have not completed cloud migration — or for whom total migration is impractical — wind up operating multiple computing environments.

Hybrid IT environments, whether they involve multiple cloud providers or a mix of off- and on-premises facilities, bring flexibility to agency technology operations, yet also add complexity that can be a management challenge. This is especially problematic in an environment of shrinking financial and human resources.

Let’s take a look at ways that agency technology leaders can get their arms around hybrid cloud operations and put their limited resources to the best possible use.

Published November 2019 in FedTech Magazine.
Read the full article: Plan Well for a Hybrid Cloud Environment and See Efficiencies

Posted in Articles | Leave a comment

Lessons Learned from Six Major Data Breaches

“Every security breach that we read about in the news provides us with an opportunity to reflect upon the root causes of the situation and use those breaches to improve our own security posture. High-profile breaches offer us the ability to learn from the mistakes of others, rather than repeating them ourselves,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published October 2019.
Read the full report: Lessons Learned from Six Major Data Breaches

Posted in White Papers | Leave a comment

Security, Privacy and Confidentiality: What’s the Difference?

Campus administrators and faculty understand the importance of protecting sensitive student information. The past two decades have brought us a variety of laws and regulations dictating how we handle student records, as well as a series of high-profile security incidents that underscore the importance of rising to meet these obligations. 

As we discuss the criticality of protecting sensitive student information, we often throw around three terms: confidentiality, security and privacy. While many people use these terms interchangeably, they actually refer to separate but related concepts. Institutions seeking to mature their data protection practices will benefit from providing their constituents with a clear understanding of these interrelated concepts.

Published October 2019 in EdTech Magazine.
Read the full article: Security, Privacy and Confidentiality: What’s the Difference?

Posted in Articles | Leave a comment

Don’t Be Victimized by a Supply Chain Attack

Six years ago, a major U.S. retailer suffered one of the most famous data breaches in history. Attackers compromised the company’s retail point-of-sale (POS) system and remained embedded in it for over two weeks, siphoning credit card information that moved through the system during the busy holiday shopping period. When the dust settled, the investigation revealed that the breach affected 41 million consumers.

Incident investigators traced the root cause of the breach back to an unlikely source: An HVAC repair company that served as a contractor to the retailer and had VPN access to its network. An attacker managed to steal the password of an employee of the contractor and used that initial access to work his or her way into the network, install malware on the POS system and instruct it to collect customer information.

Published October 2019 in BizTech Magazine.
Read the full article: Don’t Be Victimized by a Supply Chain Attack

Posted in Articles | Leave a comment

Understanding FERPA: How K–12 Schools Can Update Their Data Privacy Approach

Administrators and educational staff at schools around the country understand the importance of protecting student privacy. The Family Educational Rights and Privacy Act, signed into law in 1974 by President Gerald Ford, created clear protections for student educational records, limiting the ways school officials can share those records with outside parties and ensuring parents retain access to information about their children.

FERPA is well known within the educational community, but it is often misunderstood.

Published September 2019 in EdTech Magazine.
Read the full article: Understanding FERPA: How K?12 Schools Can Update Their Data Privacy Approach

Posted in Articles | Leave a comment

Is certification a reliable means of learning new IT skills and concepts?

Earning a technology certification requires some significant investments of both money and time. Candidates purchase study materials, pay tuition for training programs, and renew certifications with annual maintenance fees.

Pursuing a new certification typically requires hundreds of hours of preparation, while maintaining existing certifications requires participating in and documenting professional development activities. Is this investment worth it? Are certifications an effective and reliable way to learn new technologies and demonstrate that knowledge to potential employers?

Published September 2019 in Certification Magazine.
Read the full article: Is certification a reliable means of learning new IT skills and concepts?

Posted in Articles | Leave a comment

Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing them. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for a few surprises.

The National Institute of Standards and Technology released Special Publication 800-63B: Digital Identity Guidelines — the newest set of guidelines — in mid-2017. Contained within this lengthy government document are dramatic changes in the way the security community thinks about passwords. Take a look at a few prevailing opinions about password security and see whether they are fact or fallacy under this revised guidance.

Published August 2019 in EdTech Magazine.
Read the full article: Fact or Fallacy: Stay Up to Date on the Best Practices for Password Security

Posted in Articles | Leave a comment

5 Questions to Ask About Buying AI-Enabled Security Software

Security products incorporating artificial intelligence techniques may reduce the workload for human analysts,taking over the time-consuming job of correlating information sources and mining voluminous logs to uncover suspicious patterns of activity. Vendors, seeing the hype around AI, are quick to slap the label on almost any technology for a cutting-edge veneer. Here are five questions to ask before purchasing an AI-enabled security system

Published July 2019 in FedTech Magazine.

Read the full article: 5 Questions to Ask About Buying AI-Enabled Security Software

Posted in Articles | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple