Peter Gregory

Director, Information Security

Peter Gregory is a director in Optiv's Office of the CISO. He is a leading security technologist and strategist with a long professional history of advancing security technology, compliance and risk management at all levels of corporate culture. He has published more than 40 books and authored more than 30 articles for leading trade publications in print and online. 

 

Employees’ Contribution to Breach of Trust

· By Peter Gregory ·

This is a follow-up article to our earlier blog post, Thoughts on Breach of Trust vs. Breach of Security. In his Optiv blog article, Mitch Powers stated that 1 in 5 employees would be willing to sell their password to an outside party. Is this a potential contributor to a breach of trust between organizations? Could such employees be identified prior to or during employment?

Thoughts on Breach of Trust vs. a Breach of Security

· By Peter Gregory, James Robinson ·

General thought: A breach of trust is different than a breach of security. Trust and security, while related, are very different from each other. In recent years, we have seen information security continuing to be defined with strong frameworks, guidelines, and support from regulators to security offices, while the concept of “trust” has just begun to emerge. In recent years we have seen Offices of Trust being defined in companies with the role of Chief Trust Officer.

Third-Party Breaches Will Continue Until Morale Improves

· By Peter Gregory ·

I have some bad news for you: breaches at third parties are not going to stop – not any time soon. Various studies show that somewhere between one-third and two-thirds of all breaches have their nexus in third-party service providers. Given the decade-long outsourcing trend that is not showing any signs of slowing down, this means that your organization has a decent chance of experiencing one directly or through one of your third parties.

Recovering From a Credential Breach, Part 2

· By Peter Gregory ·

Probably the most important step to take when a user suspects that his or her user account has been compromised is to notify the organization’s IT service desk. End users should notify the IT service desk right away in the event of the loss or theft of a laptop computer, tablet or smartphone.

Recovering From a Credential Breach, Part 1

· By Peter Gregory ·

A few years ago while on a business trip, I was out to dinner and left my luggage in my rental car (I had not yet checked in to my hotel). When I finished dinner and went back to my rental car, I found it had been broken into and my luggage was gone. My keyring with keys to my house, car and other places was in my luggage.

Control Maturity vs. Control Risk: A Client Discussion

· By Peter Gregory ·

A client for whom I serve as CISO advisor posed an interesting question to me last week, “What if we measure and report on control maturity instead of risk?” A productive and interesting discussion on the topic ensued over the next forty-five minutes. I had never before received this question, so I had to literally think on my feet.

Three Steps to Enhancing Your Third-Party Risk Program

· By Peter Gregory, James Robinson ·

In the world of third-party and vendor risk management, many new practices are being adopted. Over the past few weeks, members of Optiv’s third-party risk team have initiated conversations with key industry leaders through a series of roundtable discussions. These thought leaders own or participate in their organizations’ third-party strategies. During these sessions, we shared leading practices and principles, and identified a number of common trends.

OCC Updated Guidance on Third-Party Risk

· By Peter Gregory ·

Recently, the Office of the Comptroller of the Currency (OCC) released updated guidance for bank examiners as they scrutinize third-party risk programs in banks and other financial institutions.

What Makes Organizations Resilient and Why You Should Care

· By Peter Gregory ·

Information systems are inherently fragile. Operating systems and applications are very complex machinery, and considering how many changes (such as security patches and feature upgrades) are made, it should not be surprising to see how unstable they can be at times.

Why Wait for a Security Breach?

· By Peter Gregory ·

Headline-making security breaches have hardly faded away since the beginning of the year. Looking back on statements Neiman Marcus made to journalist Brian Krebs following their January 2014 breach might provide an answer as to why.
