Risk management is a fundamental requirement for all major information security frameworks, but there is little practical guidance for implementing a risk management program at small or young organizations. Existing risk management practices require varying levels of staff, expertise, tooling, and time — all expensive — as well as a mature concept of risk, when none of these necessities may be available. Consequently, there is an industry-wide need for a “minimum viable program” that allows organizations to manage risk despite lacking the prerequisites for more full-featured risk management programs. This white paper outlines such a program.
You’ve got frustrated users, availability and confidentiality issues. All from a temporary workaround that wasn’t fixed when it was relatively easier. Welcome to technical debt and the interest is accruing. Where non-kludged systems can be patched and upgraded within regular service windows without the entire IT department on call, fixing this monster will require serious planning.
If you were under a rock for the last few weeks, WannaCry is one of those cyber-security events that made it into regular news. If it hits NPR, that means everyone who knows me or at least strikes up a conversation at the bar will ask me my opinion.
If you're like many of our clients, you're in customer acquisition mode. You've spent a bunch of money to build your product or service, and the marginal cost to support a new customer is relatively small. They're buying the same thing everyone else is, so there's some additional load you need to meet.
Passwords, as a security solution, have become untenable. Whereas 15 years ago you might only have needed to remember two passwords, your ISP or your work password, now we have a plethora of passwords to keep track of. Power utility websites, water utility websites, bank websites, online payment websites, Facebook, Instagram, Twitter, Pinterest or any number of other sites that have our information. The guidance has often been to make passwords complex, alphanumeric, contain special characters, be as long as possible, oh and make them easy to remember but don’t reuse passwords and never write them down.
I don't want to bring up politics but this is the first U.S. election where cybersecurity had sustained, serious attention by the press and the candidates. Now that the election is over, will this focus mean we see a change in national cybersecurity policy? What changes might we see?
While I make my living doing security and the benefits are obvious to me, I've come to the realization that most of the time security and privacy don't sell consumer products or services. While good security won’t make the sale, weak security can concern customers and create sales objections.
You’re at a startup- a great idea, smart developers and an attractive website. You’re leveraging modern technology at its best- mobile aware, scalable cloud architecture. You’re offering other businesses a force multiplier to help them compete.