We Set Up Compliance Policies! Now What?

One organization offers a solution for the next steps after you have some compliance set up: OCEG, with their PDF “A Maturity Model For Integrated GRC”. As the title says, the goal is integrated GRC, where the company's business goals are intertwined with compliance, risk, and governance. It …

New DDOS Attacks Change Likelihood in Risk Assessments

A hacker must have a method for starting an attack like a Distributed Denial of Service (DDOS), such as the one in the last few days which used hacked cameras and DVRs (Brian Krebs story) to attack many Internet properties. I'm sure you have seen the many media stories about this DDOS attack on various media (including Computerworld) …

Hidden Hacks In Network

I’m often thinking about where the next attack can come in, and unfortunately it may come where we least expect it. A Spiceworks blog post has an interesting angle: how often have cloud services been installed by users without the IT department's knowledge? The survey by Spiceworks has found that many IT people have found their users installing cloud …

Criminal Hackers Have Job Security

The security conversation has to change. Unknowingly, we (us humans in business and more) create a scenario which prevents us from being more secure. Our psyche seeks risk when confronted with loss decisions but seeks safety when confronted with gain decisions. This has been studied (previous post as well) and is accurate for 70% of the …