by John Verry | Sep 19, 2017 | InfoSec Strategies
I have written a couple of blog posts in recent months that touched on keys to avoiding ransomware and I stand by the recommendations that I’ve made regarding ISO 27001 scoping, security awareness training, and more. That being said, the...
by Chris Dorr | Aug 25, 2017 | Third Party Risk Management
An interesting and potentially troubling event happened in the information security world on Wednesday, August 16, 2017. It wasn’t a major hacking attack or a massive data breach. It wasn’t the release of a new security tool, or the failure of a critical...
by Chris Dorr | May 9, 2017 | Third Party Risk Management
As hacker monikers go, TheDarkOverlord (TDO) picked a pretty catchy one. Not much is known about this hacker yet (not even whether it’s an individual or a group, but I’m guessing the latter), but we do know a few things. They know what they’re doing. They’re an...
by Michael Walsh | Apr 6, 2017 | ISO 27001 Certification, Third Party Risk Management
Because I have both an audit background and an IT security background, I’m frequently involved in helping clients address contract issues. The activities vendors perform for your organization under contract are an extension of your internal processes. Thus your...
by John Verry | Apr 4, 2017 | Phishing
Sometimes information security involves taking two steps forward and one step back. Case in point, the recent evolution of many vendors from traditional Security Awareness Training to training with integrated anti-phishing services. With phishing being the source of a...
