Information Security Blog

About this Blog

As an opinionated person by nature, the biggest challenge of spending my days toiling as an Information Security Auditor is the obligation to be able to demonstrate a “basis for your opinion” (which isn’t nearly as fun as “shooting from the hip”). So that growing frustration, along with the ever intensifying pleas of our Sales & Marketing Director about the importance of blogging to our online marketing efforts (I think he is just hoping he can justify his Ad Words budget), has resulted in the words you may be (or likely are not) reading.

I’m half looking forward to being a blogger. Hopefully, it will restore some of my rapidly waning tech cred that peaked around the time himem.sys and QEMM were no longer necessary to get your 24 pin wide carriage dot-matrix running optimally. The other positive is that the vast majority of the writing I do these days is formal audit reports that are subject to multiple layers of QA — so “letting it rip” should be fun.

I’m half not looking forward to being a blogger — things are already busy — and with the economic downturn it seems like working harder to stay where you are is going to be a reality for the near future. With a nothing ventured – nothing gained attitude and the fall-back that we can shut it down if we fail to execute — here goes.

A couple of closing thoughts:

We will do our best to post entries no less than once a week — if we can’t do that we are wasting our and your time.
Opinions may be irreverent, based on known erroneous data, and be self-serving — if its a good enough standard for the NY Times its good enough for us.

As we do with everything — we hope that the blog will provide mutual benefit to us and the reader. Hopefully, we will offer a pearl or two that will be seen and make a difference for someone. In turn, hopefully Karma will refer some business to us.

Thanks,

John Verry

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

Substantiate the net effectiveness of a mature control environment
Prove to a third party that an environment is secure/trustworthy
Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Free Whitepaper: Five Best Practices for SIEM

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Simplify compliance monitoring/reporting
Vastly improve Incident Detection & Incident Response
Contextualize event information with other business relevant information

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

How to deal with increasing threats
How to manage multiple regulatory requirements
How to handle client requests for attestation
To validate that significant changes did not have unanticipated results

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.