“Rational Cybersecurity for the Business,” my upcoming book, will help business and security leaders see through misinformation, FUD, and hype. It will explain how to think about our challenging problems rationally, enable bold digital business strategies, and substantially reduce risk… Continue reading
How to Establish a Security Culture
Security culture is the set of ideas, customs, and social behaviors that impact security in an organization, both in a positive and a negative way. This is a fascinating discipline deserving of more coverage that organizations can apply to minimize… Continue reading
FAIRCON Showcases Quantitative Risk Analysis on the Cusp of Adoption
At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop… Continue reading
The New Vulnerability and Risk Management (VRM) Paradigm: Holistic, Dynamic, Adaptive
The ability to perform effective Vulnerability Risk Management (VRM) is an important marker of IT security maturity. Why? Managing the flow of vulnerabilities in complex IT environments is a major challenge. So is recognizing, categorizing, and prioritizing IT security risks.… Continue reading
DIY Access Control Pitfalls Webinar Featuring Dan Beckett
DIY access control can be problematic. Dan Beckett will be co-presenting with Axiomatics’ Gerry Gebel on:
Hidden Pitfalls of Do-It-Yourself Access Control Development and How to Avoid Them
Wednesday, September 26, 11:00am PST | 1:00pm CST | 2:00pm EST
Register… Continue reading
Blockchain and Decentralized Identity Presentation for ISACA GWDC Chapter
Security Architects Partners’ Dan Blum will be speaking September 20, 8:30 AM, at the ISACA Greater Washington DC Chapter’s Cybersecurity and Risk Conference (Register). Here is the presentation abstract:
Blockchain Technology and Concepts of Decentralized Identity
Blockchains are… Continue reading
Explaining What We Do: What’s Your Cybersecurity Elevator Pitch?
The cybersecurity elevator pitch is a key communication tool, but security pros tend to struggle with it. For example:
My cousin’s son Ben is an enterprising real estate agent and golfer living on a beautiful New England island. Your CEO… Continue reading
Open FAIR Complements Risk Management Programs
Open Factor Analysis of Information Risk (Open FAIR) from the Open Group is the industry standard for quantitative risk assessment, and the first successful methodology of this kind. Open FAIR consists of a Risk Taxonomy Technical Standard … Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 2)
Active Directory security threats are increasing per part 1 of this post, and organizations must deploy an array of preventative, procedural, and detection controls to avoid becoming one of the next victims.
The AD protection matrix above depicts a… Continue reading
Active Directory Security Risk Factors and What to Do About Them (Part 1)
Active Directory security is a critical infrastructure issue for almost all large global organizations, including those using identity-as-a-service (IDaaS) solutions. IDaaS deployments frequently synchronize cloud-based directory accounts or passwords from the premise-based AD installation. Or, even if the IDaaS (e.g.,… Continue reading