March 26, 2012
Let’s start with a little exercise. Rate the risk for the following events. Going 15 mph over the speed limit. Using a public wireless internet connection at the airport. Using a third party for payment services. If you were to ask …
March 19, 2012
The ability to perform penetration testing against Cloud-based assets and environments is increasing in importance as more organizations begin to leverage the flexibility and cost-efficiency of virtualized and shared platforms. How is testing against these new environments different?
February 21, 2012
You may have seen some of the recent articles regarding a research paper that documented a discovered flaw in some commonly used encryption schemes, including those used for online transactions. I think it’s important to point out that the sky isn’t falling.
February 7, 2012
Most major information security frameworks, such as ISO/IEC 27002:2005, the PCI Data Security Standard, and HIPAA, include annual or periodic risk assessments, and yet a surprising number of organizations struggle with putting together a risk assessment process.
November 11, 2011
Many companies have been in this dilemma before: “If I update and publish this new policy, our organization is immediately out of compliance, but no one will make any changes without the policy.”
October 26, 2011
The Cloud is giving me heartburn. This is why.
October 12, 2011
The influx of smartphones and tablet computers into the workplace has altered the threat landscape and requires an update to security controls.
October 4, 2011
When it comes to application of security controls, many organizations have gotten pretty good at selecting and implementing technologies that create defense-in-depth. However, many organizations are still at risk because they can’t answer a simple question: where is sensitive data?
September 29, 2011
We all want to believe that our co-workers will do the right thing, and that we need to focus our security efforts on the bad guys "out there." However, the insider threat is one of the worst incidents that an organization can withstand.