The Cybersecurity Information Sharing Act: What Does It Mean for American...
On October 27th, 2015, the US Senate overwhelmingly passed the controversial Cybersecurity Information Sharing Act of 2015 (CISA). The goal of this legislation is to encourage organizations to...
Is Now the Time to Throw Out Your Anti-Virus Solution?
In this era of zero-day exploits, the effectiveness of anti-virus systems is waning faster than information security compliance frameworks can update their requirements for malware protection. For...
3 Critical Steps to Prepare Your Business Now for Inevitable Ransomware Attacks
You need to protect your business now from the growing threat of ransomware attacks. The latest variants can sneak past your antivirus system, and they’re targeting not just your data files but also...
w3af: A Highly Effective, Open Source Web App Auditing and Exploitation Tool
The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase...
JavaScript: To Be or Not to Be
I’ve been debating this lately: should businesses disable JavaScript on their users’ systems? For that matter, should I disable JavaScript on my own systems and devices? I have colleagues and friends...
Mitigating Single Points of Failure
A big part of recovery planning is identifying and mitigating single points of failure (SPOFs). SPOFs are the bane of disaster recovery and high availability for IT and the business as a whole. And...
Here’s Why Internal Vulnerability Assessments Are Critical
The other day we had a project kickoff call with a new client who wanted to conduct penetration testing. Some questions quickly came up: Is external vulnerability assessment all we need? Or should we...
Considerations for Managing Fourth-Party/Supply Chain Risk
Cyber-criminals’ successful targeting of service providers has made vendor risk management an increasingly hot topic in information security. But what about risk from your vendor’s vendors… and their...
Don’t Forget to Include Customer Risk in Your Risk Assessment
A week or so ago my wife, who’s a travel agent, parted ways with her employer. She decided to start her own travel planning business—an exciting proposition for both of us. One of the first things we...
Benefits of Integrating ISO 27001 and ISO 9001
Part of the ISO 9000 family of quality management standards, ISO 9001 enables organizations to meet multiple overlapping legislative and regulatory requirements by providing the framework for a formal...