The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for its eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to support, translate and advise Boards of Directors, CIOs, CISOs and General Counsel on how to legally protect their company from cyber-related risk.

Blog Entries


The Good Old Days Of InfoSec

See Article Here

One of the weekly tasks of my high school interns is to research and send me articles they find on cyber security, law, privacy, etc. They don’t necessarily know the difference between an article and a vendor piece, which is what the attached is, but the point is to get me thinking about a particular topic and share my thoughts. The attached article is about surveillance cameras and securing that infrastructure. In the past, cameras were physically separated from the network and ran over coax; today many video surveillance feeds are carried over IP, which means potential exposure to the internet, especially if the network is flat, i.e. there is no network segmentation between the cameras and everything else. On a flat network, a camera with default credentials or an unpatched firmware bug is reachable from any other host, and a compromised camera can in turn reach the rest of the network. All that to say, when I read this it got me thinking about when I first started putting the three pillars of my career together: IT, Law and Investigations.

When I was studying for the CISSP exam, the Common Body of Knowledge (CBK) covered by the exam was divided into 10 domains:

  1. Access Control Systems and Methodology

  2. Telecommunications and Network Security

  3. Security Management Practices

  4. Applications and Systems Development Security

  5. Cryptography

  6. Security Architecture and Models

  7. Operations Security

  8. Business Continuity and Disaster Recovery Planning

  9. Law, Investigations, and Ethics

  10. Physical Security

These CBK domains were designed to test (and thereby guide) a person’s knowledge toward thinking holistically about information security. The CISSP was not a difficult exam for me because those domains lined up very well with how we viewed information systems security in the federal government; it was part of my day-to-day responsibilities. It was only when I started working in corporate that I became aware of silos. These silos have been a sticking point for me in my corporate career because that was not the way I was taught to think about information security. So, when there was a problem to be solved, I thought about it in a holistic fashion, and upon sharing my thoughts, found myself frustrated with the… politics of it all.

As we fast forward, we see that the silos are continuing: we now have cyber security, privacy, data governance, compliance, etc., each with a different set of tools, looking at the same information and putting in their two cents on how to protect it. The industry would have been better off continuing the original CBK model and creating holistic professionals who could see how all these pieces fit together.