She-ra. Space hosting. Status Quo. The Usual Suspects. TEA and Taylor Swift…what I said and didn’t have time to say at BSides London
Just like Schrödinger and his quantum feline, most companies are just making assumptions about the state of their cybersecurity risks.
Did you think you were a driving god when you first passed your test? Are you 100% compliant with the latest security standards? Could there be parallel lessons to apply to mitigating InfoSec risks?
When it comes to cyber, information, IT (or whatever you choose to prefix it with) security, where do you draw a compliant and cost-effective line? Where, between gold-plated and the status quo, is good enough?
The why, what, how and what next of security policies. Now with a riposte from Phil Huggins, who provoked this post and the linked articles by questioning the value of traditional written document sets.
How do you avoid the situation that Sony currently finds itself in? How do you accurately assess potential loss, and the likelihood of that loss occurring, to make good security decisions?
A law firm has just suggested that PCI DSS assessors may actually be liable if they give a firm a clean bill of compliance health before a breach. The article calls out similar and complementary […]
Lee Munson and Brian Honan always offer easy to understand security advice. Here’s the intro to Lee’s latest post on Heartbleed. I get a nice shout out, but it’s just one in […]