Open door? Game over.

Meet Henry, whose exploits prove that all the technical security controls in the world will not protect your business from an attacker who gains physical access to your network.

Tone Resonates Throughout an Organization: Be Sure It's the Right Note

When executives say the right things and act in ways that show clear support for security, they set the right tone for the organization.

Server Virtualization and Control Contexts

Keep your data safe in a dynamic datacenter.

Cloud Computing: Making the Right Choices

Don't be swayed by cloud-related FUD. Educate yourself and your team, assess risk, and make a decision based on business value.

Data Security Responsibility Should Not Be 'Pushed Down'

Information's increasing propensity to move out of the data center is no reason to shirk responsibility for its protection.

A Different Approach to Infrastructure Continuity Management

This isn't for everyone, but it is a possible solution for fixed or mobile data centers located in hazardous or quickly changing operating conditions.

Risk Mitigation Drives Breach Prevention Costs

The objective of breach risk mitigation is to increase the effort necessary to successfully breach a network, system, etc. beyond the value gained by a successful attack.

Cyber-profiling: Benefits and Pitfalls

Cyber-profiling provides deeper insights into a prospective candidate's character. It can also send the wrong message.

Can You Demonstrate Business Continuity Readiness?

If a customer, auditor, or regulator asks for your business continuity plan, what will you hand them? Will it be enough?

How Integrated are Your Physical and Technical Controls?

Physical and technical information security controls must be more than mere acquaintances; theirs must be a marriage.

Twitter is a security risk... yes, and?

Twitter is a security risk. This is a ubiquitous topic in the blogosphere Net. As a recent joiner into the Twitter community, I can see how a service which allows 140 character comments to instantaneously appear on a Twitter site or...

Hacktivism: Are you vulnerable?

Through the years, activism has taken many forms. Marches, picketing, egg throwing, billboards, and sit-ins have been used to drive home a point, to change the behavior of governments, corporations, or societies. In developed nations,...

Swatting: Disruptive, embarrassing, and juvenile

Swatting incidents can cause business interruption or embarrassment for executives. For example, swatters can call in a fire, bomb, or other type of incident with impunity which would cause building evacuation. Disgruntled employees,...

Is Web site filtering an obsolete security control?

Today, cybercriminals are using pop-up sites and infecting servers owned by reputable organizations. When we react to these threats, they will find some other way to get to our data and systems. Knee-jerk responses often result in...

Design containment into technology implementations

It is easy to omit continuity event containment planning when designing a technology-based business solution. Here is an example of how a simple oversight caused a critical process to fail at hundreds of satellite locations.

Business Continuity Event Planning: Framework for root cause and continuous improvement analysis

The only way to mitigate risk associated with business continuity events is to prepare. It's unreasonable to believe events will never happen, that all business processes will continue to operate flawlessly. Planning, training, and...

Business Continuity Event Planning: Analysis and Remediation

In this post of the Business Continuity Event Management (BCEM) series, we continue event response and recovery planning with a transition from incident response to recovery operations.

Business Continuity Event Planning: Building a recovery strategy

A strategy built on unachievable assumptions results in incident response and recovery plans with little or no chance of success.

Unsure about your DNS security? Use a free, comprehensive vulnerability test

This week, I’m once again delaying the next installment in the business continuity event management series to discuss what I believe is one of the most valuable free solutions for identifying

Business Continuity Event Planning: Analysis and Containment

When a business continuity event (BCE) is detected, the first impulse is to jump and fix it as soon as possible. In many cases, this might work fine. However, the few times the jump-and-fix approach might actually cause more damage...
