Jumpstarting Your Cyberdefense Machine with CIS Controls V7

Amidst the volatility, uncertainty and noise of the cybersecurity field, few best practice frameworks have emerged as consistently reliable and useful as the Center for Internet Security (CIS) Security Controls. Recently updated as version 7.0, the CIS Controls represent the most important security controls that an organization must implement to ... Read More

Security Mindset: Balancing Firmness and Flexibility

Navigating the noise, complexity and uncertainties of the cybersecurity landscape demands clear thinking. But that’s no easy task. The security professional today has to be knowledgeable about the organization’s own environment, business needs and risks, compliance requirements, best practice frameworks, internal policies and procedures, and the crowded market of product ... Read More

Excellence in the Essentials: Implementing Foundational Controls

It’s not about whether you implement foundational controls but about how well you do it. Only when excellence in the essentials of security and compliance are achieved, will an organization be able to have confidence that it is able to mitigate most cyber threats. We as cyber-defenders have an embarrassing ... Read More
The State of Security
“Cyber” Is Not an Appropriate Risk Category

“Cyber” Is Not an Appropriate Risk Category

“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of ... Read More
The State of Security