A risk appetite statement is important for CISO to align security with the business goals. The problem is many organizations don't have a risk appetite statement or know how to establish one. You can start the risk appetite creation process by starting with a financial statement. The financial [...]
The post breach lessons learned is an important part of recovering from a breach. The lessons learned phase is actually part of the PICERL model for incident response. We have seen a trend over the year of breached organizations skipping this step entirely. The incident response process has [...]
Tracking your wifi enabled Vehicle might not have been something you considered when you purchased that new car that came with a wifi hotspot. More and more cars are coming with this feature and I started to look closer at the possibilities of tracking a vehicle's movements based on the SSID and [...]
Ransomware is at the top of most organization's concerns when it comes to cybersecurity. It's not so much that there is a ransomware problem, it's that there is a basic information security controls problem. There are some basic things you can do to prevent a ransomware attack on your [...]
Casino ransomware attacks have been making the headlines lately. Our very own CEO, Catherine Sullivan, was recently interviewed by News 9 in Oklahoma City about the impact of ransomware on the average consumer. We have worked a number of related ransomware and other incidents with casinos and [...]
Security in the Cloud is a three part series about how to better protect your organization's digital assets in the cloud. This is a continuation from part two of the series. Cloud Defenses Scan for Unauthorized Connections across Trusted Network Boundaries. This means having the appropriate [...]
Digital forensics for law enforcement agencies is an initiative we started because be saw that many agencies are underfunded from a technology perspective. This results in dated equipment, lack of staff, and no budget for training. As part of this initiative we offer free workshops and [...]
Security in the Cloud is a three part series about how to better protect your organization's digital assets in the cloud. This is a continuation from part one of the series. Malware Defenses in the Cloud Malware defense is still an important consideration in cloud environments. Systems can [...]
Security in the Cloud can be difficult to understand for some organizations. There are some security benefits with moving to cloud architectures, but there are also risks organizations should be aware of. Moving to the cloud doesn't automatically mean more "security". One of the problems here is[...]
Data Governance Programs are important for controlling the data your organization processes, produces, and stores. Data is the greatest risk today in most organizations and is also the currency on which many organizations operate. Your data can be centralized in a certain location like a file [...]
Newsletter
