Information Security Leader, Author, Instructor and Speaker

IDC PlanScape: Building an Analytics Center of Excellence

“Analytics centers of excellence serve as the nucleus of an organization’s data transformation efforts,” says Mike Chapple, adjunct analyst with IDC’s IT Executive Programs (IEP). “The center brings together talented staff organized around the common purpose of unlocking the value hidden in business data. Using a centralized approach helps analytics efforts gain the resources they need and develop traction within existing organizational structures that might be otherwise resistant to change.”

IDC Research Report published June 2019.

Read the full report: IDC PlanScape: Building an Analytics Center of Excellence


Taking Social Security numbers public could fix our data breach crisis

Earlier this week, we learned that the American Medical Collection Agency, a billing collection agency, suffered a data breach affecting millions of patients. The perpetrators had access to systems containing Social Security numbers, bank account numbers, credit card numbers and medical records belonging to millions of individuals. Initial reports of the breach came through an SEC filing made by Quest Diagnostics informing investors that at least 11.9 million Quest patients were affected by the breach. LabCorp also used AMCA’s services, and the affected system stored information about 7.7 million of its patients. It’s likely that the number of affected individuals will continue to increase as details of other AMCA customers come to light.

We’ve heard this story so many times that we already know how it will unfold. Giant company announces breach. CEO makes statement of contrition. Executive in charge of cybersecurity is publicly fired. Customers receive letters of apology and identity monitoring services. We go back to life as normal until another breach restarts the cycle.

It’s time to break that cycle by fixing the root cause: the misuse of Social Security numbers as proof of identity by financial institutions, insurance companies, landlords, health care providers and just about everyone else.

Published June 2019 in CNN Business Perspectives.

Read the full article: Taking Social Security numbers public could fix our data breach crisis


Fact or Fallacy: Stay Up to Date on Best Practices for Password Security

How much do you know about passwords? You might believe password authentication is old hat, and that you already know the best practices for implementing passwords. After all, we’ve heard password hygiene messages for years, right?

But unless you’ve updated your knowledge recently, you might be in for surprises.

Published June 2019 in EdTech Magazine.

Read the full article: Fact or Fallacy: Stay Up to Date on Best Practices for Password Security 


Becoming a data security administrator is a great pathway into cybersecurity

In a recent survey of Chief Information Officers, 88 percent reported that cybersecurity initiatives were on their shortlist of priorities for 2019. That’s an astounding figure that cuts across industries and geographies as organizations struggle to protect their systems and data in an increasingly dangerous threat environment.

Implementing cybersecurity initiatives requires talented and skilled staff, and surveys consistently reveal that filling cybersecurity positions continues to challenge organizations. In a 2018 CSO survey, 53 percent of organizations reported that they suffered from a “problematic shortage of cybersecurity skills.” This news might keep senior technology leaders awake at night, but it also presents an opportunity for individuals seeking to find employment in a high-demand, lucrative field.

Published May 2019 in Certification Magazine.

Read the full article: Becoming a data security administrator is a great pathway into cybersecurity


Password-Based Attacks Pose New Dangers for Agency Networks

Last year, the United States Computer Emergency Readiness Team (US-CERT) issued an alert that hackers were targeting organizations in the United States with a massive wave of attacks based on successful guesses of common passwords.

These password-spray attacks seek to identify accounts at targeted organizations that use common or simple passwords, and then use those accounts to steal sensitive information. Nine Iranian nationals were indicted last year in New York for hacks of U.S. universities, companies and government agencies using this method.

In a password-spray attack, the attacker does not need advance knowledge of a user’s password. Unlike social engineering, in which the attacker tricks a user into revealing his or her password, spray attacks rely on the fact that, unless prevented, users will choose easy-to-remember passwords.

Published May 2019 in FedTech Magazine.

Read the full article: Password-Based Attacks Pose New Dangers for Agency Networks 


Big Tech can’t be trusted. It’s time for regulation

Big Tech is under the spotlight, and for good reason.

In the past couple of years, an onslaught of incidents has shaken public confidence in major technology firms. Facebook apologized for allowing Cambridge Analytica to harvest the personal information of more than 80 million users. Google shut down its social network in the wake of reports that it failed to disclose a serious security vulnerability that could have revealed the private information of as many as 500,000 users. The company said it found “no evidence” that any data was actually misused. Then, just a couple of months later, Marriott announced a data breach that affected 500 million individuals.

It’s become clear that Big Tech can’t be trusted to govern itself. It’s time for regulators to step in.

Published April 2019 in CNN Business Perspectives.

Read the full article: Big Tech can’t be trusted. It’s time for regulation


Does Your Business Need Unified Endpoint Management?

Consider how many endpoint device types exist in the typical business: Virtually all have desktop and laptop computers, as well as smartphones and tablets. Many also have virtualized desktops running in a data center or the cloud. And some have wearable devices or containerized computing.

Now, think about how each of those device categories is managed. Are standard management practices applied to each and every type of device or are some left out in the cold? Is there a single management interface that allows the IT team to view the status of each of those devices and apply configuration updates as needed? How quickly can the security team move to protect data and provision a replacement device for a user with a lost, stolen or damaged device?

Published April 2019 in BizTech Magazine.

Read the full article: Does Your Business Need Unified Endpoint Management?


Five Ways to Modernize Digital Certificate Management

“Digital certificates aren’t the most exciting issue in IT, and they’re not top of mind for most senior IT leaders until a certificate failure suddenly causes them to take center stage. Investing a small amount of time and energy now in modernizing digital certificate practices can protect organizations against future risk,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published April 2019.

Read the full report: Five Ways to Modernize Digital Certificate Management


5 Ways to Safeguard Student Information

Schools handle a wide variety of sensitive information concerning students and their families. Laws, regulations and ethical obligations require administrators to take active measures to protect that information from unauthorized disclosure.

That warrants a combination of technical and process controls designed to facilitate legitimate use of student records while safeguarding them against intruders. Let’s take a look at five ways that schools can better protect their student records.

Published April 2019 in EdTech Magazine.

Read the full article: 5 Ways to Safeguard Student Information


Nine pitfalls to avoid on your path to certification

Over the past two decades, I’ve helped thousands of people earn cybersecurity certifications through my books, video courses, and online study groups. During that time, I’ve watched many people succeed, but I’ve also seen people who start with good intentions get tripped up by some pitfalls that await on the path to certification.

Let’s take a look at nine of the most common pitfalls that sidetrack certification candidates and talk about ways that you can plan your own certification journey to avoid repeating those common mistakes.

Published March 2019 in Certification Magazine.

Read the full article: Nine pitfalls to avoid on your path to certification


Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.


@mchapple