
MQTT is not evil, just not always secure
The MQTT messaging protocol standard used by IoT vendors is not inherently secure enough. Solutions exist to secure it, but organizations and vendors must assess risk and properly configure IoT and network security.

IoT messaging protocol is big security risk
MQTT, a popular IoT messaging protocol and Oasis standard, is often left wide open to attacks. Organizations like hospitals, prisons, and critical infrastructure are often vulnerable to IoT device compromise.

Anatomy of an insider attack
Planning for insider attacks requires attack path analysis. Using scenarios, like the one in this post, helps identify weaknesses.
Identity governance and admin: beyond basic access management
IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.

It's all about critical processes
Critical processes run the business and should be the targets of risk assessments, pen tests, and vulnerability management procedures.
9 critical controls for today's threats
Many controls we've used for years can't effectively deal with today's threats. We must extend some and add others to prevent, detect, and respond to emerging threats to our business operations.
Ensure business continuity with change management
Change management is not an option. It is an important piece of business interruption prevention and helps ensure security risk does not drift up during projects and day-to-day activities.

Keep your critical systems safe
Critical infrastructure runs your organization. It creates and delivers products and services. It is also used to collect and process customer information during operations. If these systems are compromised, operations fail and...
Workarounds without data?
A big part of business continuity planning is making sure we have manual processes or other workarounds in place. They act as interim bandages to keep business processes moving forward. Many organizations, especially those required...
Business Continuity != Best Buy * Geek Squad
Never trust the salesperson to provide accurate information about maintenance agreements. Always check with the actual techs to make sure you are covered against four to six week business interruptions.
Does bug-fix speed reflect browser value?
Is it time to move from browsers with bloated code and slow bug-fix reaction times?
White House Blowing Smoke?
The White House Cybersecurity Coordinator wants us to believe that breaches into national infrastructure are simple hacktivism.
Data Leakage: Catching Water in a Sieve
Data leaking from secure to user work locations creates a big data loss vulnerability.
Stop Repeating the Same Mistakes
Even if a solution seemed like a good idea a few years ago, that is no reason to perpetuate something which is now known to be a security vulnerability.
Playing Catch-up, Again
Controlling endpoint applications (installation, patching, hardening, etc.) is a difficult but necessary component of safeguarding your data and your network.
Learning from the Attack on the Apache Software Foundation
Even if we don't use Linux, there are lessons to learn from what happened to Apache.
Data validation: Ignore it and you lose
Failing to validate data causes several serious Web application vulnerabilities.
The Cyber-Czar Challenge: Nobody Really Wants Security
Obama's new cyber-czar position is still empty, waiting for someone willing to work with no authority and to be a target for all the blame.
Use Compliance Requirements as a Guide, Not a Strategy
Security is not about compliance; it's about a comprehensive approach to protecting sensitive and critical information assets.
Social Engineering v. Physical Security
A large part of social engineering defense must be a set of interlocking, mutually supporting controls which help identify or thwart unauthorized access, even when assisted by unwary employees.