by John Verry | Aug 12, 2019 | InfoSec Strategies
In part 1 of this post I introduced Vilfredo Pareto and “The Pareto Principle” as applied to information security. The goal is to mitigate 80% or more of your InfoSec risk with 20% or less of the effort, by focusing on the most prevalent risk—which is associated with... by John Verry | May 11, 2018 | Penetration Testing
Editor’s Note: This post was originally published in September 2015 and has been updated for accuracy and comprehensiveness. For some time, CPA firms, qualified security assessors (QSAs) and similar entities that focus on security attestation have been including... by John Verry | Apr 16, 2015 | ISO 27001 Certification
Throughout 2014 and into 2015 with the recent Anthem Blue Cross breach, every few weeks with distressing regularity there has been a new breach or exploit of epic proportions. But the “shock and awe” surrounding December’s Sony Pictures hack has been unsurpassed:... by John Verry | Oct 21, 2014 | ISMS Consulting
Recently we blogged about rogue cell towers (also called IMSI catchers, stingrays or GSM interceptors) and the potential risk they pose of intercepting cell phone calls. An ongoing investigation into the proliferation of these devices has found rogue cell phone towers... by Michael Gargiullo | May 28, 2010 | ISMS Consulting
Ever need to work on a remote computer which is behind a typical firewall. Well if there is no inbound connectivity, you can play a bit of leap frog using ssh in order to gain access to that server. Here’s a quick example. For this example we’ll assume you...
