Jean-Philippe Rivard Lauzier

CISSP Certified and the Next Steps

I finally obtained the Certified Information Systems Security Professional (CISSP) certification. It is definitely the most well-known certification in the information security industry and the one recommended for any professional in this field. What is the CISSP? It is not necessarily the most technical or specialized certification. It would seem that information security is one unique, specific area, but it’s…

Are You Outsourcing Your Security With a Cloud Application?

You finally decided to use cloud services for your organization? Great! There are definitely many advantages. Was your objective also to outsource security to the provider? Sorry, not quite. The security of your information will always be your own responsibility: the provider shares some of the work, but the accountability stays with you. True, you will probably manage fewer technical controls…

Keeper Security and Random Deactivation

We trust cloud services to keep our data secure. But we don’t always think about the impact if the service has some downtime, and even less about the situation where the provider decides to disable the service. Well, I ran into the latter with one provider, Keeper Security. Context: it all started in June 2017 when I…

Your Hosting Provider is PCI DSS Compliant and You?

PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. It stands for the Payment Card Industry Data Security Standard and is governed by the PCI Security Standards Council (PCI SSC), founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa. These organizations are still on the PCI SSC’s executive committee.…

Are You Really Receiving a Penetration Test Report?

More and more organizations are interested in a penetration test, or simply a “pentest”, of their infrastructure. However, it requires specific skills, and this expertise is rarely available in-house. It is also a good idea to get an external opinion from someone who is impartial and doesn’t know too much about the current…

Update: CISA Certification and Frequently Asked Questions

In August 2014, I published a post about my experience with the CISA exam and the required experience. Even three years later, it is still the most popular post here, and not so long ago I would always see more requests after the exam dates. However, it seems that exams are no longer held on specific dates but within three specific testing…

Cloud Security with Object Storage

Cloud providers are often criticized for the security of their object storage services, even more so after the disclosures of private information through these services in 2017, most of which traced back to storage buckets left publicly readable by the customer rather than to a flaw in the provider’s service. These breaches involved well-known organizations such as Verizon, Accenture, Booz Allen Hamilton, Viacom, the National Security Agency, National Credit Federation, the Australian Broadcasting Corporation, the Department of Defense, the Republican National Committee, etc.…

NIST and the Digital Identity Guidelines

NIST published the final version of the Digital Identity Guidelines, also known as SP 800-63 (revision 3), last June. The publication had been a draft since 2016, and NIST even asked the community for comments on GitHub during the summer of 2016. All these comments were inputs for the final publication. Many posts on the Internet mention these changes. But I think it is…

October 2017: Security Breaches

Data security breaches that occurred or were disclosed in October 2017. Disqus: the popular commenting system was breached in 2012. Disqus was notified by Troy Hunt, a security researcher who obtained a copy of the data. According to the company, the exposed data dates from 2007 and involves 17.5 million users. The stolen user information includes email addresses, usernames, sign-up dates and last…

iDNS: Scam Going On for More Than 15 Years

You have probably already received one of these letters if you have registered a domain name in the past few years: they look like renewal notices but are in fact solicitations to transfer your domain to another registrar at a much higher price. The company behind these letters is Brandon Gray Internet Services Inc. The worst part is that this is a legitimately registered organization operating in Canada (Markham, Ontario). I thought for a long time it was only a scam here,…