Tom Olzak
star Advisor
IDG Contributor Network
Want to Join?
Opinions expressed by ICN authors are their own.
Tom Olzak is an information security researcher and an IT professional with more than 34 years of experience in programming, network engineering and security. He has an MBA and a CISSP certification. He is an online instructor for the University of Phoenix, facilitating 400-level security classes.
Tom has held positions as an IS director, director of infrastructure engineering, director of information security and programming manager at a variety of manufacturing, healthcare and distribution companies. Before entering the private sector, he served 10 years in the U.S. Army Military Police, with four years as a military police investigator.
Tom has written three books: Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide. He is also the author of various papers on security management and has been a blogger for CSOonline.com, TechRepublic, Toolbox.com and Tom Olzak on Security.
The opinions expressed in this blog are those of Tom Olzak and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.
IoT messaging protocol is big security risk
MQTT, a popular IoT messaging protocol and Oasis standard, is often left wide open to attacks. Organizations like hospitals, prisons, and critical infrastructure are often vulnerable to IoT device compromise.
Anatomy of an insider attack
Planning for insider attacks requires attack path analysis. Using scenarios, like the one in this post, help identify weaknesses.
Identity governance and admin: beyond basic access management
IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.
It's all about critical processes
Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.
9 critical controls for today's threats
Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.
Ensure business continuity with change management
Change management is not an option. It is an important piece of business interruption prevention and helps ensure security risk does not drift up during projects and day-to-day activities.
Keep your critical systems safe
Critical infrastructure runs your organization. It creates and delivers products and services. It is also used to collect and process customer information during operations. If these systems are compromised, operations fail and...
Workarounds without data?
A big part of business continuity planning is making sure we have manual processes or other workarounds in place. They act as interim bandages to keep business processes moving forward. Many organizations, especially those required...
Business Continuity != Best Buy * Geek Squad
Never trust the salesperson to provide accurate information about maintenance agreements. Always check with the actual techs to make sure you are covered against four to six week business interruptions.
Does bug-fix speed reflect browser value?
Is it time to move from browsers with bloated code and slow bug-fix reaction times?
White House Blowing Smoke?
The White House Cybersecurity Coordinator wants us to believe that breaches into national infrastructure is simple hactivism.