Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
PCI Service Providers – Fines for Non Compliance
A number of clients have asked me about what sort of non-compliance fines or penalties they could potentially face as a PCI Service Provider, assuming there has been no security breach, but PCI DSS compliance has not been achieved. (more…)
Google Drive, SkyDrive and DropBox: You Are the Product, Not Them
Google Drive, SkyDrive and DropBox: You Are the Product, Not Them. There is a great little cartoon I’ve seen on the Internet in which two pigs are marveling at the free barn and free food they get to enjoy. The message of the cartoon is that they are not the customer; they are the product. (more…)
Mobile Device Management
Mobile Device Management – Enterprise-grade security and manageability features, once the primary strength of Blackberry, are now available across the majority of mobile operating systems. If your organization is considering the implementation of mobile technologies into your environment, you may find the following comparison of mobile security and management capabilities from Infoworld to be very helpful: (more…)
Incident Response Readiness
An offering of ours, Incident Response Readiness, I think, is going to see a lot more attention in the coming year. Already noticing it. (more…)
10 Years of Malware and Threats
Again, from a Dark Reading article, Microsoft Studies 10 Years of Malware and Threats. Microsoft, in celebration of the 10-year anniversary of the launch of its Trustworthy Computing Initiative, published a special edition of its Security Intelligence Report. They looked at the past 10 years and how the cyber threat landscape has evolved. (more…)
The Modern Malware EcoSystem
Modern malware attacks are dominating the headlines and most of the focus is directed at the impact of an attack, the potential data loss factor or oftentimes the suspected perpetrator. An important element to understanding the full spectrum of these attacks is to understand the modern malware ecosystem. (more…)
Would You Bet on the IT Security of Your Network?
This was from an article published on Dark Reading recently. It was from a survey of 300 IT professionals, conducted by PhoneFactor, an authentication tool vendor. (more…)
I challenge you to do some Social Engineering tests!
As a follow-up to Security Awareness Training, I challenge you to do some Social Engineering tests! (more…)
3rd Party Providers
3rd Party Providers. Remember when the big car companies in Detroit went through their quality measures and certifications, then began requiring all their 1st tier vendors to undergo the same quality certifications? This later trickled down to the multiple tiers of vendors that supported the 1st tier vendors. It was (is) called QS 9000. (more…)
When Security Interferes with Business . . . Business Trumps Security
Does Security Interfere with Business? In a mad dash toward security compliance or to plug known vulnerabilities, IT professionals have a tendency to implement security controls without thinking through what could go wrong with them. (more…)