Information Security Leader, Author, Instructor and Speaker

Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

This week’s collapse of the Iranian nuclear deal justifiably caused global consternation at the thought of Iran moving closer to becoming a nuclear power.

There is, however, a much more immediate threat. Iran is already a cyber power and has a history of launching hacking attacks against American interests.

Restoring sanctions removes an important deterrent to those cyberattacks and may have immediate adverse consequences.

The United States and Iran have quietly waged cyberwar for more than a decade. The U.S. fired the first shot in this war as early as 2007 after joining forces with Israel to use malicious software to destroy equipment at Iran’s Natanz uranium enrichment facility.

Published May 10, 2018 on CNBC.

Read the full story: Iran Doesn’t Have Nukes Yet, But It Has a Powerful Weapon It Can Use Right Now

Posted in Articles | Tagged | Leave a comment

Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know

This IDC Perspective identifies five crucial principles that IT executives must understand about the use of cybersecurity insurance to transfer portions of an organization’s cybersecurity risk to an insurance carrier. Modern cybersecurity insurance policies require that organizations undergo a rigorous control assessment and surrender some control of the incident response process to carrier representatives. When chosen carefully, cybersecurity insurance policies limit an organization’s financial exposure in the event of a major breach.

“Hardly a month goes by without a major cybersecurity breach making national news. From Equifax to Yahoo! and from hospitals to schools, cybersecurity incidents cross industries and organization sizes. Many organizations are turning to cybersecurity insurance policies to limit their financial losses in the event of a security incident that compromises sensitive information or systems,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published May 2018.
Read the full report: Cybersecurity Insurance: Five Things CIOs and Businesses Need to Know

Posted in White Papers | Tagged | Leave a comment

How to Really Protect Your Digital Privacy: Move to Europe

Facebook CEO Mark Zuckerberg’s testimony before Congress last week highlighted the burgeoning importance of digital privacy in the minds of legislators and the American public. It may also mark the beginning of a long-overdue privacy awakening in our country.

Now is the right time for the U.S. government to acknowledge and defend American’s privacy rights by developing a comprehensive framework of legal protections.

The European Union has long embraced privacy in a much more thorough manner than the U.S. has. Global companies, including Facebook, have spent the last two years preparing for a new privacy regime scheduled to arrive in Europe on May 25. The General Data Protection Regulation (GDPR) will implement a 21st century digital bill of rights for EU residents by updating privacy regulations that first went into effect in 1995.

Read the full article: How to Really Protect Your Digital Privacy: Move to Europe

Published on April 17, 2018 in Fortune

Posted in Articles | Tagged , | Leave a comment

Segment Your Campus Network for Stronger Security

Campus networks carry almost every type of network traffic imaginable. Faculty and staff computers are similar to the devices in any workplace, but they’re just the tip of the iceberg in higher education. Students connect video game consoles, smart assistants, cameras and even smart microwaves to the same networks that connect temperature sensors and research equipment.

Published April 11, 2018 in EdTech Magazine

Read the full article: Segment Your Campus Network for Stronger Security

Posted in Articles | Tagged , | Leave a comment

Feds Can Optimize Disaster Recovery Solutions in the Cloud

Every IT leader shares this nightmare: critical systems down, users enraged, data lost. Without reliable and timely access to data, political leaders and agency staff cannot carry on their work, and constituents cannot rely on their government. Disaster-recovery programs ensure those groups that their data will be protected from loss and available for use, no matter the emergency.

Published March 2018 in FedTech Magazine.
Read the full article: Feds Can Optimize Disaster Recovery Solutions in the Cloud 

Posted in Articles | Tagged , | Leave a comment

Encryption: Six Principles That CIOs Need to Know

“Encryption is an intimidating technology for many IT leaders because it is highly technical and relies upon complex mathematical algorithms. While CIOs can and should leave the details of encryption to their cybersecurity teams, it is important that they have a working knowledge of the technology to provide responsible leadership and oversight,” said Mike Chapple, adjunct research analyst, IDC.

IDC Research Report published March 2018.
Read the full report: Encryption: Six Principles That CIOs Need to Know

Posted in White Papers | Tagged | Leave a comment

It’s Time to Question Longstanding Password Security Best Practices

Nobody likes password policies. IT leaders dislike reminding users to yet again change their passwords, then bracing for an onslaught of angry help desk calls. Users dread coming up with yet another obscure combination of uppercase and lowercase letters, symbols and digits that they can remember for the next 90 days. It’s an unpleasant experience all around.

But there’s good news for those frustrated by unwieldy password practices. Cybersecurity professionals are now turning toward new policies that embrace the end user to make security a natural habit. These ideas are bolstered by recent changes in federal security guidelines related to password management.

Published February 2018 in FedTech Magazine.
Read the full article: It’s Time to Question Longstanding Password Security Best Practices

Posted in Articles | Tagged , | Leave a comment

4 Ways Data Loss Prevention Tools Fit Right into Layered Security Strategies

Cybersecurity pros often follow a defense-in-depth strategy, acknowledging the fact that controls will fail. Layered defenses are especially important in the open-computing environment of academia. Data loss prevention solutions are an important component of a layered approach to security. DLP scans content leaving the institution for signs of sensitive information and often serves as the last line of defense, stopping data exfiltration after other controls fail to prevent a breach.

Published January 2018 in EdTech Magazine.
Read the full article: 4 Ways Data Loss Prevention Tools Fit Right into Layered Security Strategies

Posted in Articles | Tagged , | Leave a comment

Six Big Cybersecurity Certification Changes for 2018

On the heels of one of the most significant years in cybersecurity history, organizations around the world are making plans to develop the cybersecurity skills of their technical teams in 2018. IT leaders recognize that the threat landscape continues to shift and that they require skilled cybersecurity professionals to protect their information and systems against sophisticated attackers.

Whether you’re already a cybersecurity professional, or you’re seeking to switch into an exciting, growing career field, there’s plenty of opportunity to go around. The field needs plenty of newcomers to fill the cybersecurity skills gap and opportunities abound for existing security professionals to ramp up their skills and earn internal promotions and opportunities at new firms.

Just as the changing threat environment is creating new staffing needs, it’s also leading the technical certification industry to increase their focus on cybersecurity certification programs. The next 12 months will be full of changes in professional certification programs and IT pros should pay careful attention. Let’s break down some of the biggest developments in the field as we enter the new year.

Published January 2018 in Certification Magazine.
Read the full article: Six Big Cybersecurity Certification Changes for 2018

Posted in Articles | Tagged | Leave a comment

2017 in Review: The Top Cybersecurity News Stories

2017 was quite a year in the world of cybersecurity! From the politicization of cyberwarfare to several major data breaches, hardly a week went by that cybersecurity issues didn’t appear on the front pages of newspapers around the world. Let’s take a moment to recap what I consider to be the 10 biggest cybersecurity news stories of the past 12 months.

Published December 2017 in Certification Magazine.
Read the full article: 2017 in Review: The top cybersecurity news stories

Posted in Articles | Tagged , , , , , , | Leave a comment

Mike Chapple, CISSP, Ph.D.

Mike is an IT leader, information security professional, author, speaker and trainer with over fifteen years of experience in the field.

Full Biography

@mchapple