Something went wrong. Please try your request again later.
Follow to get new release updates, special offers (including promotional offers), and improved recommendations.
About Graeme Payne
Customers Also Bought Items By
Are you an author?
Help us improve our Author Pages by updating your bibliography and submitting a new or current image and biography.
Author Updates
-
-
Blog postI had an impromptu interview with Rafal Los from the well-known Down the Security Rabbithole podcast while attending the Security Alliance Forum in Dallas, Texas. Check out the Episode (DtSR Episode 363 – That Oh Shit Moment)
-
Blog postMy book, The New Era of Cybersecurity Breaches: A Case Study and Lessons Learned, is now available in the Amazon bookstore. Print and e-book versions are available at this time. I hope to add an audiobook shortly. The book describes the new era of data breaches and many lessons learned from large data breaches, including the 2017 Equifax Data Breach. Check out the book at Amazon and let me know your thoughts. Contact me to speak to your board or executive team.
-
Blog postI am excited to be a Keynote Speaker at the Atlanta ISACA Geek Week 2019 Conference in late August.
-
Blog postLooking forward to presenting “The Human Error” at SecureWorld Atlanta on May 29th. My session is 8.30am on Wednesday 29th: Session Description
SecureWorld Atlanta website
-
Blog postPleased to be sharing my story on May 23 at the Atlanta ISC2 Meeting.
https://atl-isc2.org/events.html
-
Blog postCheck out a new podcast series on The Equifax Breach. Produced by Spoke Media and sponsored by Carbonite, this series takes an in-depth look at one of the largest data breaches ever. I was interviewed as part of this production and appear on several episodes, especially Episode 3: What Went Wrong.
-
Blog postThis is my last article in my patch management series. In previous articles I have described many of the challenges of patch management. In this article, I am wrapping up this series discussing the role of security policies and the importance of implementing robust patch management processes.
All security frameworks refer to the importance of security policies within the organization. Security Policies provide the requirements or expectations for securing certain aspects of the enterp -
Blog postSee Previous Issue: Who is responsible for patch management?
In my previous articles I have discussed the importance of patch management and how this is a complex challenge in the modern enterprise. This article will focus on another challenge – knowing what you have in your IT environment. As a friend once told me “you can’t patch, what you don’t know you have”.
The December 2018 US House of Representatives Committee on Oversight and Government Reform Report on the Equ -
Blog postSee Previous Issue: Why is Patch Management so Complex?
“At the time of the breach, Equifax’s internal IT management process failed to establish clear lines of accountability for developing IT security policies and executing these policies” – US House of Representatives Committee on Oversight and Government Reform Report: The Equifax Data Breach, December 2018
In my previous article I talked about the complexity of patch management and some steps companies can take to ma -
Blog postSee Previous Issue: Is Patch management is as Simple as Forwarding an Email?
In my previous article, I talked about how the Equifax Data Breach congressional testimony of former Chairman & CEO, Mr Richard Smith, identified human error (not forwarding an email regarding the Apache Struts vulnerability), combined with a technical error, as the root cause for the September 2017 Equifax Data Breach.
Patch management – it sounds simple, right? A vulnerability is di -
Blog postIt is now a matter of public record that the cause of the Equifax breach that led to disclosure of personally identifiable information of 148 million American citizens was that a system running an open-source software known as Apache Struts was not patched. This allowed hackers to leverage the un-patched systems and extract data from this and other systems for several months without detection.
Since the Equifax Data Breach, several investigations have been announced, and some conclude -
Blog postI am excited to launch my new venture – Cybersecurity4Executives. For the majority of my career I have been helping organizations manage IT risks, including cybersecurity. I have consulted with large financial institutions, retailers, healthcare and technology companies. Most recently, I was responsible for IT risk management at Equifax and also CIO for Corporate Systems.
In October 2017 I was terminated from Equifax “for failing the forward an email regarding an Apache Struts v -
Blog postOn December 10, 2018 the US House of Representatives Committee on Oversight and Government Reform issued a report on The Equifax Data Breach. The comprehensive 96-page report provides a detailed analysis of the data breach announced by Equifax on September 7, 2017, affecting 148 million consumers.
I testified to the Committee as part of their investigation and parts of my testimony are quoted throughout the report.
The Report concluded that “Equifax should have addressed at le
Titles By Graeme Payne
