It continues to amaze me how so many companies still use the 25+ year old process of manual and error prone assessments. These companies rely on someone with a few pages of questions addressing a handful of security controls or policies, walking around to the different departments to hold meetings to figure out how they stack up against NIST, HIPAA, PCI, FFIEC, ISO or...
Read More
We all have the experience of purchasing cybersecurity appliances from time to time. When we do this, it’s imperative that we do so considering the overall design of the infrastructure. As I mentioned in a previous blog, it is very easy to overbuy appliances and create unnecessary risk exposure, not to mention wasting precious budget resources. The second, and equally important, factor to consider when buying...
Read More
Security hardware vendors spend a lot of time, energy and resources developing great and powerful technology to help us defend our companies against cyber attacks. Unfortunately, there are situations where they may be indirectly creating vulnerabilities that expose our networks to attacks. Here is a situation I experienced a few years ago that may be similar to what we have all gone through. Most of us...
Read More
Why are Fortune 500 companies continuing to fall victim to cyber attacks? This question has been a head-scratcher for many chief information security officers (CISOs) and other information security staff. What is causing these attacks when all of their security controls and appliances are in place? Sometimes it’s hard to believe that minor negligence can cause a severe compromise. Being in the InfoSec industry for over...
Read More