Welcome to
A place to release your cyber-stress

"Heavy Lies the Crown" of Regulation and Compliance

We need to be mindful that the CISO is the person who answers for PCI-DSS, HIPAA, CCPA, GDPR, and other regulations, in addition to their primary job of making sure the business operation runs securely without too much security and authentication friction.

The gap between resources and responsibility is hitting an all-time high for the CISO in the corporate world: a role meant for more than one person falls into the lap of one.

Eventually, the CISO’s head is the one on the chopping block in the event of a major breach. Not only do they need to manage the crisis in the round-the-clock, warlike dynamics of response and recovery, but in the aftermath, they’re also the ones most likely to be let go. Not fair!

  


All CyberToon strips

May 14

IT Emergency

Having read the Equifax Data Breach Congress Report from December 2018, one can see that the alleged Chinese attackers did not need to work very hard. All they did was take advantage of a few expired security certificates and unpatched Apache Struts software, and use a few web shells that led into additional databases.

Before you even ask, the answer is yes, it could have been prevented. If only there was an effective way to continually pen-test the entire network and point to these non-critical vulnerabilities that can lead to a disastrous breach. Well, now there is: automated penetration testing. And it is here to stay.

  