In the post, “Understanding Vulnerabilities,” I introduced you to my dear friends at MITRE, the NVD, and OWASP. You’ll want to get...
Understanding Vulnerabilities
In recent posts on this blog, I’ve talked about which bad guys are likely coming after your assets—that’s the who. We also discussed a few...
Crossing the River of 2023
With the Chinese New Year beginning on January 22, we leave the fearsome Year of the Tiger and scurry into the Year of the Rabbit. In the...
Threat Assessments
In order to get a handle on who is coming after your data and how to stop them, you’ll need to perform some threat assessments. Sounds...
Threats, Part II: External
In Threats, Part I, I talked about internal threats—such as current and former employees and subcontractors—who may have ill intent or may...
Threats, Part I: Internal
In Asset Classification Basics, I introduced one of the most basic tenets of cybersecurity: if there’s something of value to you (an...
Asset Classification Basics
You may wonder: why am I putting myself through this misery? What’s it for? You know the answer: to protect your business. But in order to...
Mission, Culture, and Information Technology
Before you can develop an effective cybersecurity program, you need to understand where you are as a business and where you are headed in...
A (Very) Brief History of Privacy
Defining privacy is useful but insufficient. We will soon confront regulations governing privacy that directly impact the way we do...