Channel: Thoughts | PivotPoint Security
Browsing all 35 articles

Social Engineering – At What Cost?

Over the last several years we have seen a real ramp up in the percentage of our engagements that include some level of social engineering.  We view social engineering as a distinct and far less...

“Certified” Penetration Testing Company

It’s not uncommon for potential clients to ask “Is your company certified to provide Penetration Testing?”.  It’s a great question and one that unfortunately does not have a good answer – YET. Via a...

“Operationalize” Critical Vendor Risk Management (Before You Regret Not Doing...

Most organizations are reliant upon hundreds or thousands of third-parties for products or services that are integral to their operation.  Unfortunately most organizations do not do a good enough job...

What do Utilities and Oscar Wilde have in common?

Wilde is widely known for his masterpiece “The Importance of Being Earnest,” written in 1895 … but it’s something else he wrote that relates to utilities in 2012 …   Last week we blogged on a Carnegie...

How OSCAR (not Mayer) Saved our Bacon

There are two axioms that represent different sides of the same coin that are relevant to this blog post: “The cobbler’s children always go barefoot …” and “eating your own dog food.”  The good news is...

ISO-27010 – Information Security Guidance for Information Exchange

Our Ethical Hacker Roundup last week included a blurb on stricter laws to protect patient health information (PHI) in Health Information Exchanges (HIEs).  That led me to download and read the new...

The Electricity Subsector Cybersecurity Capability Maturity Model – Is It Too...

The Department of Energy (DOE) recently published The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), which allows electric utilities and grid operators to assess their cyber...

Is “Information Security” still “Information Security”

I had the opportunity to do a lunch-and-learn with a group of high-level business people who were not directly involved in information technology/information security.  I was asked to “highlight the...

Is Low-Tech Fraud on your InfoSec Radar?

As businesses invest in more advanced security, cyber criminals are shifting to low-tech attack vectors like social engineering (especially phone fraud), phishing and skimming. Low-tech fraud is any...

3 Ways that Information Security Differs from IT Security—and Why You Should...

The terms “IT security” and “information security” are widely believed to mean the same thing, and are used synonymously across our industry. But they actually mean different things—and understanding...

How the Apple and FBI Battle Illustrates the Benefits of a Fully Functioning...

In the last couple of days, the Internet has been in an uproar over a court order compelling Apple computer to assist the FBI with gaining access to an iPhone that was used in the 2015 San Bernardino...
