Jean-Philippe Rivard Lauzier

M. Adm., CISSP, SSCP, CISA, OSCP
Canada Emergency Response Benefit (CERB) Fraud

The Canada Emergency Response Benefit (CERB) is the financial support from the Government of Canada for Canadians who are directly affected by COVID-19. The Canada Revenue Agency (CRA) is responsible for managing applications and payments for the CERB to Canadians. As of August 30, 2020, the CRA received 24.

Personal Thoughts    |    September 13, 2020
Common Controls Framework by Adobe

There are several compliance frameworks these days that organizations have to implement for different reasons. I still see many organizations that struggle with all these frameworks. Each framework usually has an impressive set of objectives and controls. Does an organization have to process credit card information?

IT Compliance    |    August 17, 2020
Multi-factor authentication with YubiKey

Multi-factor authentication (MFA) is generally available these days with popular services such as Facebook, Google, Amazon, etc. Even more traditional industries, such as banks, are slowly doing the same. A good mention here for my previous employer, a credit union, that implemented multi-factor authentication around 2019.

Information Security    |    August 3, 2020
Master of Administration : Done!

As always, I was not really active around here for the last few months or even the last year. At least, I had a good reason this time. I was kind of busy writing my essay for the master’s degree. I began a graduate degree in September 2013 with a specialization in IT governance, audit, and security at Université de Sherbrooke.

Personal Thoughts    |    February 10, 2020
Website Update & Hugo Framework

Well, I should definitely work on my master’s essay but I thought it could be a good time to update my website. Again. Less than 2 months after the previous version… WordPress to Hugo Framework: WordPress is certainly the most popular blog platform.

Personal Thoughts    |    April 9, 2019
CISSP Certified and the Next Steps

I finally obtained the Certified Information Systems Security Professional (CISSP) certification. It is definitely the most well-known certification in the information security industry and the one recommended for any professionals in this field. What is the CISSP? It is not necessarily the most technical or specialized certification.

Personal Thoughts    |    February 1, 2019
Are You Outsourcing Your Security With a Cloud Application?

You finally decided to use cloud services for your organization? Great! There are definitely many advantages. Your objective was also to outsource the security to the provider? Sorry, not quite. The security of your information will always be your own responsibility.

Information Security    |    August 1, 2018
Keeper Security and Random Deactivation

We trust cloud services to keep our data secure. But we don’t always think about the impact in the event that the service has some downtime. Even less in a situation where the provider decides to disable the service.

Information Security    |    May 30, 2018
Your Hosting Provider is PCI DSS Compliant and You?

PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. It is in fact the Payment Card Industry Data Security Standard (PCI DSS) governed by the PCI Security Standards Council (PCI SSC) founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa.

IT Compliance    |    April 5, 2018
Are You Really Receiving a Penetration Test Report?

There are more and more organizations interested in a penetration test, or simply a “pentest”, on their infrastructure. However, there is a requirement for specific skills and this expertise is not often available within most organizations. It is also a good idea to have an external opinion, someone who will be impartial and doesn’t know too much about the current configuration.

Information Security    |    February 22, 2018
Update: CISA Certification and Frequently Asked Questions

In August 2014, I published a post about my experience with the CISA exam and the required experience. Even 3 years later, it is still the most popular post here and not so long ago, I was always seeing more requests after the exam dates.

IT Compliance    |    January 17, 2018
Cloud Security with Object Storage

Many cloud providers are often criticized for the security provided with object storage services, even more so after the disclosures of private information that occurred in 2017 through the use of these services. These security breaches also involved well-known organizations such as Verizon, Accenture, Booz Allen Hamilton, Viacom, National Security Agency, National Credit Federation, Australian Broadcasting Corporation, Department of Defense, Republican National Committee, etc.

Information Security    |    January 5, 2018