Tag Archives: Risk Assessments

WHAT KIND OF SECURITY ASSESSMENT DO I NEED?

What kind of security assessment do I need? It’s a question we at HALOCK Security Labs hear all the time. Every regulation and information security standard in existence tells us that we must undergo some kind of regular assessment. But the security field has not been consistent in advising what kinds of assessments fit which purpose […]

THE FTC IS TELLING US THAT PCI DSS CERTIFICATION IS NOT ENOUGH. NOW WHAT?

As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]

Lessons in Risk Management: What We Should Learn from the FAA Fire

Author: Chris Cronin, ISO 27001 Auditor Too often in information security we focus on the confidentiality of personal information, ignoring the damage that can result from failures in integrity and availability. In fact, this is the main driver of much of our information security spending in the U.S. But the proper function of information and communications […]

Malware Defense is About Strategy before it’s About Technology

I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, […]