French Caldwell

A member of the Gartner Blog Network

Entries Categorized as 'Cybersecurity'


Proposed NSA Reform on Bulk Data Collection Declared Illegal by EU Court of Justice

by French Caldwell  |  April 14, 2014  |  3 Comments

While it does not directly affect U.S. legal and constitutional considerations on the NSA phone records program, it is still worth noting that last week the European Court of Justice declared the EU Data Retention Directive a violation of the fundamental rights of EU citizens under the Charter of Fundamental Rights of the European Union [...]

Category: Cybersecurity Legal IT public policy Surveillance

Gartner Dubai Symposium: An Interactive Conversation on Security and Risk Management

by French Caldwell  |  April 8, 2014  |  4 Comments

A couple of months ago, the conference chair for Gartner’s Dubai Symposium, Mary Mesaglio, presented me a challenge. She said, “French, we need more local content and more security content. What’s possible?” Having made some trips to the Gulf region in the last year, I’d met some really interesting people and heard some great stories. [...]

Category: Cloud Cybersecurity Risk Management

The Myth of EMV

by French Caldwell  |  March 25, 2014  |  7 Comments

Like most of us, since the Target hack, I’ve heard statements on how EMV is THE answer to credit card fraud, and how it’s been working great in Europe which has had it for 20 years. If the business case were so compelling, wouldn’t EMV have made the trip across the Atlantic a long time [...]

Category: Cybersecurity fraud Standards

Hey, Corporate Director, Who’s Your CISO?

by French Caldwell  |  March 7, 2014  |  3 Comments

I’ve spoken to a few corporate boards on IT governance and risk management, and I’ve one question that I always ask — but first let me clarify this Target CISO tweet with my Twitter handle on it. In an internal Gartner e-mail thread about the Target CIO resigning, I added some irony, writing: “Another good [...]

Category: Cybersecurity IT Governance

#RSAC Buzz — Regulators Raising the Bar on Vendor Risk Management

by French Caldwell  |  February 27, 2014  |  2 Comments

I went to the RSA conference once — it was really busy and hearing from my buddies at the front, it’s now busier than ever. So much for the boycott, eh? A lot of my security buddies are at RSA this week, and are broadcasting the buzz back to the rest of us here [...]

Category: Cloud compliance Cybersecurity Risk Management Third Party Risk Management Vendor Contracts

WSJ: Target Warned of Vulnerabilities Before Data Breach

by French Caldwell  |  February 15, 2014  |  1 Comment

I wouldn’t read too much into the headline of this WSJ article. Security intel people warn of problems all the time – it’s their job. A real bit of news is in the last paragraph of the article: Several members of Target’s cybersecurity team left the company in the months before the hack, according to [...]

Category: Cybersecurity

Leaving the Screen Door Open for the G-Man

by French Caldwell  |  July 17, 2013  |  2 Comments

Colleagues today were discussing again the Snowden revelations about service providers giving governments access to digital business and social media data. One colleague suggested that we should not use the term back door in this context since by the traditional IT security definition this would imply that government agencies had direct access to the operational [...]

Category: Cybersecurity public policy Social Technology Uncategorized

Will IT GRC Begin to Die This Year?

by French Caldwell  |  January 3, 2013  |  1 Comment

I had a good discussion with Erik Heidt today about IT GRC management tools. We were talking about why there is an IT GRCM market that is distinct from the EGRC platform market. It’s clear that there is a separate market — vendors like Agiliance, RSAM, Lockpath and Modulo are IT GRC specific. The buyer [...]

Category: Applications compliance Cybersecurity GRC Risk Management

One Week Left to the Rockefeller Cybersecurity Deadline — CEOs, What Do You Want To Do?

by French Caldwell  |  October 12, 2012  |  Comments Off

In the last week I’ve had two calls with companies deciding how to respond to the cybersecurity letter that Sen. Rockefeller sent to the CEOs of Fortune 500 companies. The deadline to respond is 19 October. CEOs are not required to respond, and with the demise of the Cybersecurity Act of 2012, it’s tempting not [...]

Category: Cybersecurity public policy Risk Management