George Pajari

The recent coronavirus outbreak reminds security professionals of the importance of having a pandemic plan. Here are some resources: CCOHS: https://www.ccohs.ca/outbreaks/  US CDC: https://www.cdc.gov/flu/pandemic-resources/pdf/businesschecklist.pdf … US OSHA: https://www.osha.gov/Publications/OSHA3327pandemic.pdf …

Ransomware takes out another company, leaving 300 out of work. Unfortunately until many companies start taking information security more seriously, this will continue to happen.https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/ …

Yet another disgruntled IT staffer takes out his employer's systems: https://www.bbc.com/news/uk-england-leeds-50843669 … Insider threats are pernicious and difficult to defend against. CMU provides some of the best advice:https://www.sei.cmu.edu/research-capabilities/all-work/display.cfm?customel_datapageid_4050=21232 …

Another unfortunate person has fallen victim to the SMS number-port attack. https://www.cbc.ca/news/technology/phone-porting-extortion-1.5352300 … (via @thomasdaigle and @CBCTheNational). It's not for nothing the use of SMS for authentication was discouraged three years ago! https://www.schneier.com/blog/archives/2016/08/nist_is_no_long.html … USE PROPER TWO-FACTOR APP!

It's not as if the security practices of Canadian financial institutions were great to begin with (lack of 2FA, "secret" security questions, limited password length, etc.), now one goes and does something particularly idiotic: https://www.cbc.ca/news/canada/nova-scotia/national-bank-canada-customer-banking-privacy-1.5334059 … @nationalbank I'm at you!

The story of my professional life, from wanna-be CISO, to being a CISO, to ex-CISO. What I did right. What I did wrong. Tomorrow at the Vancouver SecSIG meeting.https://www.eventbrite.ca/e/vansecsig-isc2-and-issa-october-2019-meeting-registration-74914401993 …

Given today's cyberthreat landscape, how can it be that more than a third of Fortune 500 do not have a CISO? If you have data you must protect it. And a part-time CISO is far better than none. https://www.scmagazineuk.com/article/1661131  via @SCmagazineUK

Please join @TheresaAzari and me at @ISACAVancouver this Wednesday as we present the concept of Minimum Viable Security -- critical for startups and young companies.https://engage.isaca.org/vancouverchapter/events/eventdescription?CalendarEventKey=27859605-be89-4bbd-a43c-6e219f37c27f&CommunityKey=7ccf56df-771f-43ce-a1e3-5340f9d291e0&Home=%2fvancouverchapter%2fevents%2frecentcommunityeventsdashboard …

Yet another example of why challenge questions (e.g name of your first pet) for password resets are a STOOOOPID idea: https://www.inquirer.com/business/trump-tax-returns-haverford-justin-hiemstra-information-guilty-plea-20190805.html … via @phillyinquirer