Year End Analysis: Psychology of Security Challenges

Increasing cybersecurity awareness, and what it entails, is more difficult than it seems. As in Bruce Schneier’s “The Psychology of Security”, and my older posts: 8/22/2014 ‘Psychology of Security’ and 4/1/2015 ‘How much should I spend on Cybersecurity?’ Recently I have focused on risk management for businesses, due to the nature of cybersecurity and how …

Cloud Compliance & Cybersecurity

Cloud compliance? Do we even need it? Our data is in the cloud … therefore it is safe, right? What does it mean to have compliance in a cloud computer? A cloud computer is a computer managed by “someone else”. Compliance for various standards is all about your data. So we do have …

Cyberjoke Friday v1.96 Thanksgiving edition Part 2

Short Cyberjoke Thanksgiving edition. GRC = Governance, Risk Management, and Compliance, or is it Governance, Risk Management, and Confusion? There are jokes in governance and risk as well as cybersecurity. Above cartoon from The Data Governance Institute. The above cartoon from Healthcare Governance Review. Also from cattail.nu they had some good …

Is It Enough to Patch Computers?

Once your computers, switches, firewalls and routers are all patched, now what? All your devices on the Internet have been tested and configured correctly, and thus they are about as secure as can be. Now what? Assuming the desktops and servers are patched and antivirus software is installed, is there anything else to make …

How Much Time Before Notifying a Breach?

I hope that there is something in place to understand when a breach occurs, but assuming there was a breach – and you found out – when should you notify? So let’s assume you are in the health industry and protect the PHI or {Personal health information (PHI), also referred to as protected health information, generally refers …