Externalizing DMZ-as-a-Service
We’ve been having a great “cloud DMZs” discussion. It started with a blog post from Ivgeni Broitman at Sentrix titled The DMZ Is So 1998 – Welcome the Cloud DMZ. Broitman begins by asserting DMZ’s… Continue reading
Can a 5GL Digital Process Modeling Language “Save Cybersecurity?”
Larry Karisny, the director of Project Safety.org, wrote an interesting post in which he argues that systems built on 3rd and 4th generation programming languages are inherently insecure as they grow more complex. He highlights current cybersecurity challenges and makes… Continue reading
Shouldn’t Facebook Provide Better Resistance to Cloned Accounts?
This is a real request, not just a gratuitous blog post. A friend of mine has been attacked on Facebook. Her account has been cloned. I’m way too busy consulting this week to drop everything and track… Continue reading
Invitation to Security Governance Webinar
If you’ve been following our Security Governance blog series you’ve heard our view that at the root of most of consulting engagements you’ll find a governance problem. In our ongoing mission to help customers make sense of… Continue reading
Je suis Charlie – In Cyberspace
Sony of cyberattack fame is not French, nor as sympathetic as Charlie Hebdo and didn’t suffer a loss of human life in its (latest) breach. Otherwise, “Je suis Sony” might have rhymed just as well as #jesuischarlie.
Five Essential Questions for Matrix Security Governance
Previously on Security Architect, Security Governance (Part 2): Operating the Matrix. There, I summarized what line of business security groups, Group IT ISO, and executive committees for risk, audit and compliance actually do. Based on our experience… Continue reading