Perfect security is not possible, feasible, nor required by law. In fact, information security laws and regulations require that we provide “reasonable and appropriate” security through a well-defined risk management process.
Without a risk-based approach, organizations attempt to address information security requirements by either attempting to comply with a long list of security controls, or by …
Log and Security Event Information Management are two of the 20 Controls that SANS lists for network security. They are also some of the more controversial ones. Logs are very much like digital fingerprints for one’s network and applications. They have great value both for noticing exploits (visibility) and for forensically investigating those which …
The other day I met with an executive whose company had recently been hacked. He looks me in the eye and says, “It’s like I paid someone to punch me in the face… Repeatedly!” Getting breached is a huge pain that costs a lot of money, productivity and time, and your reputation can suffer as well. …
“How can we recruit and interview candidates, all of which state they are interested on the phone, yet astonishingly, call to cancel the face-to-face interview before it takes place? One by one, they explain that they have accepted another position. What is it with these information security people?! I have never seen anything like …
Imagine one hundred container ships full of the most valuable U.S. assets heading to China every day. Diamonds, gold, oil, John Deere tractors, priceless artwork, Chevy Corvettes, life-saving artificial hearts, books from our historic libraries, soybeans, the latest Intel® processors, Redwood trees, the genuine Constitution of the United States of America, the Statue of …