by Terry Crowley | Jun 14, 2018 | InfoSec Strategies
Speaking at the recent CyberUK conference in Manchester, Dave Hogue, senior technical director of the Cybersecurity Threat Operations Center at the NSA, flatly stated: We have sophisticated adversaries using unsophisticated means to cause great damage. In fact, I’ll...
by John Verry | May 11, 2018 | Penetration Testing
Editor’s Note: This post was originally published in September 2015 and has been updated for accuracy and comprehensiveness. For some time, CPA firms, qualified security assessors (QSAs) and similar entities that focus on security attestation have been including...
by Terry Crowley | Jan 17, 2018 | InfoSec Strategies
As organizations of all sizes flock to public cloud environments like Amazon S3 and Microsoft Azure, an incredible number (one report says up to 40%!) are failing to close the proverbial door behind them—and leaving huge volumes of sensitive data exposed to public...
by Jeremy Sporn | Sep 22, 2017 | InfoSec Strategies
What Happened? We now know the Equifax data breach, which impacts almost 60% of the US adult population, was preceded by another breach or series of breaches of unknown magnitude back in March. We also know the July mega breach exploited a flaw in third-party code...
by Jeremy Sporn | Jul 21, 2017 | InfoSec Strategies
The single most critical and effective measure for reducing cyber security risk is a robust patch management program that allows you to quickly and efficiently apply vendors’ software patches. Known vulnerabilities are a hacker’s favorite attack points, and many of...
