Enterprise (or Corporate) Security Framework - Enterprise Security (or Corporate Security) is responsible for all the risk in your business assets and enterprise IT, including your… (Jul 29)
Breach Readiness Framework - Every organization is going to experience a breach. Be prepared. (Feb 5)
Data Governance Framework - Data Governance is the security team’s responsibility for understanding, identifying, inventorying, classifying, discovering, and… (Oct 19, 2023)
Security Operations Framework - Security Operations is the technology, controls, and processes that allow a security organization to be able to prevent, detect, and… (Apr 5, 2021)
An Adversary’s Perspective: 2FA - Before you turn on 2FA, think about it from an adversary’s perspective. (Mar 10, 2021)
Seven Deadly Sins of Security Teams - When I talk to organizations and executives, I see the same security mistakes and misconceptions over and over. I see security leaders… (Jan 19, 2021)
Mature Controls at Any Size - In this article I will describe a set of basic controls you can implement and scale that any size organization should have. (Jul 7, 2020)
What You Need To Know About Cyber Insurance - Many organizations use cyber insurance to satisfy legal or regulatory requirements, as a financial risk mitigation, or as a last resort… (Jun 29, 2020)
Adversary-Based Risk Analysis - Most risk analysis is done by assessing potential impact and ease of an attack. This kind of risk analysis that’s done in the absence of… (Mar 25, 2020)
Adversary-Based Threat Modeling - Most threat models start with attack surface or critical assets. Those threat models are useless and lead to bad decision-making. In this… (Dec 24, 2019)