Just as a doctor can’t treat a patient without a full understanding of the symptoms, you can’t improve your cybersecurity without a full...
Identifying, Containing, and Responding to Incidents
ALERT! ALERT! This is not a drill! You have an alert that was identified as legit, was pressure-tested, checked, and escalated to...
Preparing your Incident Response Plan
No two incident response plans are alike. What your plan looks like will depend on many variables, from the size of the company, the scope...
Incident Response 101
You already know you need an incident-response plan. But what should it look like? What’s involved in creating such a plan? I’ll help you...
Computing Environments
In the post “The Basics of Controls,” you read about different types of controls. Before you can do anything with all that knowledge, you...
Data Protection & Privacy Regulations: Digging Deeper
CTRL Center's Reference Desk offers a region-by-region survey of data-protection laws. Unfortunately, just like everything else relating...
Vulnerabilities Testing and Remediation
In the post, “Understanding Vulnerabilities,” I introduced you to my dear friends at MITRE, the NVD, and OWASP. You’ll want to get...
Understanding Vulnerabilities
In recent posts on this blog, I’ve talked about which bad guys are likely coming after your assets—that’s the who. We also discussed a few...
Defense in Depth: Is it Right For You?
Long before antivirus software was a twinkle in an engineer’s eye, humans were employing various strategies to protect their valuables...