CISA, the US Cybersecurity & Infrastructure Security Agency, began an initiative to help organizations manage cloud risks with the Secure Cloud Business Applications (SCuBA) project. While there are...
Stephanie Goetz
Recent Posts
CrowdStrike and Supply Chain Risk Management—What Can we Learn From this Experience?
by Stephanie Goetz | Aug 2, 2024
Wow, how much technology has changed in the past 15 years? I remember when “vendor” reviews were uncommon, technology was hosted in-house in 95% of businesses, and arguments were made that a bad...
Artificial Intelligence–How will it be regulated
by Stephanie Goetz | Jun 7, 2024
Institutions are looking at services using Artificial Intelligence (AI), such as loan decisioning, resume review, and process automation. Using these services can be risky not only because of the...
Hacker Psychology
by Stephanie Goetz | Apr 26, 2024
Many of you have probably heard the adage that one of the best ways to catch a criminal is to think like one. Recently, I discovered several articles in a series called ‘Hacker Conversations’ by...
NIST Releases Cybersecurity Framework 2.0
by Stephanie Goetz | Mar 22, 2024
The National Institute of Standards and Technology released an update to its Cybersecurity Framework (CSF) in late February. The CSF was originally created in 2014 to help critical national...
The Three Lines of Defense
by Stephanie Goetz | Jan 19, 2024
We have referenced this concept in blog posts previously related to growing your Information Security Program and ensuring independence in your Information Security Officer (ISO), however, we have...
What an interesting question and an article published recently gives us the answer, at least for today. Stephanie Carruthers, the chief people hacker for IBM X-Force Red, had her team take on...
Five Findings from the 2023 IBM Security Cost of a Data Breach Report
by Stephanie Goetz | Oct 20, 2023
I was reviewing the 2023 IBM Security Cost of a Data Breach Report this week and wanted to share some findings I found interesting. This report is published annually and follows organizations...
NIST Cybersecurity Framework 2.0 Draft Updates
by Stephanie Goetz | Sep 8, 2023
The NIST Cybersecurity Framework (CSF) was initially developed in 2014 and was intended to be a living document, dependent on feedback from stakeholders. It was initially developed for critical...
Business Email Compromise: Attacks Immune to Multi-Factor Authentication
by Stephanie Goetz | Jul 21, 2023
They’ve come back around…those business email compromises, which were all too common in the late 2010s. Unfortunately, we have seen many of these in recent weeks, even with multi-factor...