It seems like you can’t swing a cat without bumping into the CIS20 when you talk to people about their security programs. It’s one of the things that comes up far more often than ISO 27000, and even more often than the NIST CSF, but that seems to be changing a little. I have to […]
“Just winging it” is for birds, not your security program
How much of your security control environment has been driven by, basically, “it seemed like there was a gap” or, “it seemed like a good idea” instead of being traceably linked to real business requirements? Now, how many of those controls are the same ones that the user community complains the most about? Hmmm….any correlation? […]
Avoiding being n-trouble thanks to tomorrow’s security frameworks
Back in the day when I was a wet-behind-the-ears CS student with a 14.4K modem and a NeXTcube on my desk (yes, I was very lucky, and it was a helluva upgrade from my previous Zenith Z-183 laptop), I discovered the pbmplus library. I actually don’t remember why I needed it, but it was the […]
Are you the Evil Security Fairy?
Today, we have back-to-back school birthday parties for both of the youngsters. First it was for my daughter in the morning, and next, we’re going to one for our son. I guess some of the musical genes did pass through after all, because both of them love to sing when they’re in the car…and sometimes, […]
The 2-Hour ESA: fact or fiction?
How long would it take you to create an actionable enterprise security architecture from scratch for a project charter for an organization you’ve never seen and have no real industry knowledge about? One of the detailed examples I mentioned before that’s included in the book I’m letting you decide whether I should write is the […]