Opening keynote speech at the Seattle Electrical Conference

Live radio interview today at 1 PM Pacific on KXL-FM (Portland) discussing robotics, AI, and why cyber security matters in the classroom.

Companies should pay special attention to consistent classification and labeling of data, as it’s one of the biggest hurdles to effective data governance. Setting default labels for new data (for example, dubbing them confidential) can ensure that policies and technical controls are applied consistently across the organization. This also frees up data creators from having to manually label all newly created information. “In that way, a data steward only needs to review data labels when that data is crossing a security barrier such as preparing a file to send to a client or third-party vendor,” notes Kayne McGladrey (@kaynemcgladrey), director of security and information technology at Pensar Development.

The primary emphasis of the new revision is that a ‘notification event’ now triggers the reporting process, described as any unauthorized acquisition of unencrypted customer information. This is a change from the earlier draft of the Rule, which used the term ‘security event’ to describe unauthorized system access or information misuse. This change may result in some confusion, unfortunately, described below.

“Tying data security to user identities is the easiest, lowest-effort way to modernize security for small to medium businesses,” says Kayne McGladrey (@kaynemcgladrey), cybersecurity strategist at Ascent Solutions (@meetascent). “Establishing data security based on user identity means that data remains secure regardless of storage location or medium.”

Linux continues to be a popular deployment choice for new virtual machines on Azure. “Organizations moving legacy on-premises Linux servers to the cloud can quickly gain the benefits of robust disaster recovery and security without needing to change platforms or applications”

It’s time we heard from people who live and breathe cybersecurity. Join me as we discuss the highs and lows of working in this industry, the topics that need clarifying, and those that need the B.S. removed. Kayne is active in the community and has offered some GRC maturity models to help anyone.