Improving Your Security Posture in 3 Easy Steps
Security posture, which is the aggregate security status of all assets in your organization, has an inverse relationship with cybersecurity risk. If you strengthen your security posture, you reduce overall risk. Sounds great in theory, but aren't all infosec teams trying to reduce risk via a stronger security posture? What ... Read More
Maze Ransomware: Are You Vulnerable?
Yet another high profile ransomware outbreak. This time, the victim is $17Bn Fortune 500 consulting giant, Cognizant. The incident, which has caused disruption to clients, was the result of a Maze ransomware attack ... Read More
The Lean, Mean Vulnerability Management Machine
Pop quiz: What's the goal of your vulnerability management (VM) program? ... Read More
Leading an Economical and Efficient InfoSec Program
As the world begins to recover over the next several months, one thing is certain. Recent events will have taken a toll on the economy and leaders in every function, including information security, will be asked to make cuts. The extent of those cuts remain to be seen, but will ... Read More
Don’t Be Misled by CVSS Scores
CVSS scores are widely relied upon by enterprises to gauge how important it is to prioritize a vulnerability. CVSS scores provide a convenient means by which vulnerabilities can be compared for purposes of prioritization. Despite this convenience, there are a few pitfalls that can lead an organization to be misled ... Read More
Risk is a Parallel Circuit
Sometime in the late 1980's, Charles Darwin and Georg Ohm had a chance meeting when I found a 9-volt battery while walking down the street and stuck it to the front two brackets of my braces. You're likely already familiar with Darwin's work, but despite playing a hand in nearly ... Read More
Successful InfoSec Strategies Start with Asset Inventory
Most information security professionals are familiar with the Center for Internet Security, the non-profit most famous for publishing the CIS Controls and CIS Benchmarks. The Top 20 CIS Controls are widely used by organizations in the public and private sectors to help reduce the risk of data breach. Of the ... Read More
Today’s Weather and the Evolution of Cybersecurity
In today’s world, we take for granted the ability to pull out our smartphone and get a reasonably accurate 7-10 day forecast for anywhere in the world, but this hasn’t always been the case ... Read More
When CISOs Lose Their Jobs…
In his recent CSO Online article, 7 Security Incidents That Cost CISOs Their Jobs, writer Dan Swinhoe looks at some of the most high profile breaches in recent history that resulted in the CISO either leaving or being fired. In the article, Swinhoe quotes Dr. Steve Purser, head of core ... Read More
