Brian Petzold

2 min read
The Policy Labyrinth
You started with an Information Security Policy that covered the basics. Then one day an auditor walked in and asked to see your Data Destruction...

1 min read
Learning Not to Trust
Most of our IT infrastructures were built to trust. From the time users sign on in the morning until they log off at the end of the day, the network...

2 min read
What is "Best Practice"?
Over the years, I have become wary of the term “best practice” when it is applied to technology and cybersecurity. The term “best practice” is...

2 min read
Guidance on Obsolete Encryption Protocols
Networks rely on encryption to ensure that data is kept private and cannot be changed while at rest or in transit. In most cases this encryption...

2 min read
The Powerful GLBA Board Report
When the Gramm-Leach-Bliley Act was implemented, each regulatory agency adopted a set of interagency guidelines and regulations required for...

2 min read
Asset Management Lessons Learned from Morgan Stanley
Asset Management is one of the foundations of a sound Information Security Program, but it is also often neglected in the rush to replace or...

2 min read
Typ0squatting
We have recently seen an increase in “typosquatting” activity targeting financial institutions. Typosquatting is when someone registers a domain with...