When writing a procedure, it will be necessary to ensure that the procedure is developed properly. There are procedure-writing requirements and for some reason, requirements seem to come in tens. So let us examine the ten requirements for procedure writing. … Continue reading →

The role Information Security (InfoSec) is nothing new to many organizations. InfoSec’s methods and best practices are well understood. Note I am distinguishing between being understood and well implemented. As technology and methods make incremental changes, InfoSec processes evolved accordingly. … Continue reading →

It seems that every decade or so has its new vision for IT services. In the past we’ve chanted mantras such as “virtual machines”, “distributed processing”, “client server”, “thin/thick client” and “web-enabled architecture”. The thought for today’s meditation is “cloud … Continue reading →

  Whether you are an Auditor, Manager or Application Owner, the knowledge you have concerning the current threat landscape will undoubtedly shape your approach to which preventative controls you either recommend or implement. Anticipating attacks by “thinking like a hacker” … Continue reading →

Network vulnerability solutions. Data loss prevention tools. Vulnerability scanners…. The myriad of tools available to the security industry seems to grow every year. As someone who has been in the security field for a long time, I’m amazed by the … Continue reading →

Our job is getting tougher every day.  I saw a friend and colleague at a CISO event in San Francisco in early December. I asked how it was going.  He said he was going to quit in 2 years. I … Continue reading →

If you did a Google search for the term “cyber security” in 2009 it would return 1.6 million hits. In 2012 that same search will find about 8.4 million hits. Adding “strategy” to that term in 2009 reduced the results … Continue reading →

If you’re responsible for information security testing (Web apps, network infrastructure devices, databases, wireless – you name it), do yourself and your organization a huge favor and don’t rely on the results of vulnerability scanners alone. Sadly, we’re seeing a … Continue reading →

You know you’re getting old when you start thinking about how things used to be, and for starters, I’ll give you that one. My days beating the 20-somethings in beach volleyball, running a marathon with little or no serious training … Continue reading →

Over the past few months, I’ve received quite a few messages from respected friends and colleagues around the nation that both surprised me and got me rethinking about a few simple questions: Are all of the top cybersecurity pros in … Continue reading →