About Thomas Johnson

As the Information Security Architect at Peters & Associates, Thomas Johnson (TJ) is responsible for providing security and compliance leadership. This includes such areas as vendor management, disaster recovery, business continuity, data protection, security products, budgeting and risk management. He has over 25 years of experience in security and technology and has extensive compliance related expertise in banking and healthcare. TJ holds many security related certifications as well as a Master’s Degree in Information Technology Management with a specialization in Information Security from the Illinois Institute of Technology in Technology. TJ focuses on Security Leadership, Risk Management, Information Security Assessments, Compliance Management and DR / BCP.

Understanding Email Retention

Email retention has long been a sore spot for many organizations and has been known to cause heartburn for both IT and legal personnel.  This has been an issue for quite some time, but a recent conversation with an organization I've worked with in Chicago for many years recently brought this up: they are still [...]

By |2019-01-02T13:48:13-05:00January 8th, 2019|Security Solutions|0 Comments

The New Office 365 Email Encryption

If you have been using Office 365 for encrypting emails, you are likely using the previous version of Office Message Encryption (OME).  It has been working perfectly for me for the last year or so.  However, the new version of OME is built on the Azure Information Protection and Rights Management platform.  This means you are [...]

By |2018-12-18T11:11:50-05:00July 25th, 2018|Collaboration, Office 365|Comments Off on The New Office 365 Email Encryption

Manual Log Review

When it comes to discussing Log Management with IT Professionals, feelings of angst, denial, and general despair tend to surface.  Most just don’t think it’s necessary or claim to have logging turned on “just in case.”  Sadly, I sometimes hear that they are doing “log review manually.” Let’s face it, log management and the associated [...]

By |2018-12-18T11:12:44-05:00June 20th, 2018|Advisory Services|Comments Off on Manual Log Review

Customizing Your Office 365 Portal

If you belong to an organization that has not customized its Office 365 portal, you will undoubtedly find the above graphic very familiar.  It is the generic landing page where you enter your credentials in order to gain access to Office 365 and its many features and applications. Microsoft is adding functionality to Office 365 [...]

By |2018-12-18T12:09:49-05:00November 8th, 2017|Security Solutions|Comments Off on Customizing Your Office 365 Portal

Configuring Office 365 to help in the battle against phishing and spam

Battling spam and curbing phishing attacks seem to be continual challenges for many organizations. While there are many technical controls to help fight the good fight, end users are largely responsible for handling junk mail and keeping a watchful eye out for the evil that lurks within email messages. There are many products that front-end [...]

By |2018-12-18T12:10:37-05:00September 27th, 2017|Security Solutions|Comments Off on Configuring Office 365 to help in the battle against phishing and spam

A Data Classification Project

In an earlier post (Starting the Azure Information Protection Conversation), I mentioned that organizations that don’t have a data classification standard and associated policy will have a difficult time implementing many information security related controls, such as DLP and rights management.  Data classification can also help with disaster recovery optimization, justifying spend on technology, and [...]

By |2018-12-18T12:11:44-05:00August 14th, 2017|Security Solutions|Comments Off on A Data Classification Project

Starting the Azure Information Protection Conversation

While Azure Information Protection (AIP) may not be the most commonly deployed solution in the EM+S product suite offered by Microsoft, it is certainly gaining ground. Recently, more customers are being drawn towards AIP for its tracking and control capabilities over the movement of confidential and sensitive information externally and within an organization. Furthermore, many [...]

By |2018-12-18T12:12:40-05:00July 7th, 2017|Security Solutions|Comments Off on Starting the Azure Information Protection Conversation

Migrating email to the cloud as a security strategy

I feel like this article could have been written about 5 years ago, but there are still many organizations that aren’t leveraging a security-rich, cloud-based email system such as Office 365.  Let’s face it, notwithstanding hard-dollar cost reduction, rarely is there a business need to switch email systems or email providers.  Migrating email to the [...]

By |2018-12-18T12:13:19-05:00June 21st, 2017|Security Solutions|Comments Off on Migrating email to the cloud as a security strategy

Do you own EMS? Get more out of it!

One of the many benefits of the cloud is that new features are being added to your licensing all the time. In many ways, the value of your license appreciates over time. Unfortunately, the pace of change makes it difficult for organizations to fully understand the capabilities of the tools that they own. The [...]

By |2018-12-18T12:14:13-05:00May 24th, 2017|Security Solutions|Comments Off on Do you own EMS? Get more out of it!

Manufacturing Meets Security

In April of 2015, NIST published the first public draft of something called SP800-171 which describes requirements for protecting controlled unclassified information on nonfederal information systems and organizations.  The government also published a regulation (DFARS 252.204-7012) that states that any entity that collects, develops, receives, transmits, uses, or stores defense information in support of [...]

By |2018-12-18T12:15:27-05:00April 26th, 2017|Security Solutions|Comments Off on Manufacturing Meets Security