GRC Urban Legends Exposed

Governance, risk, and compliance, commonly referred to as GRC, has been a component of legacy security dogma and cyber security programs for years. It was created during a time (near the early 2000s, depending on who you ask) when any definition of a security program was considered valid. Because of this, it persists in cyber...

Addressing the Cyber Security Resource Shortage

There is a lot of talk about a cyber security resource shortage in our discipline. I get this may seem like the case, and maybe it even is; however, what I don’t understand is, if the time of our cyber security resources is so valuable, then why are all of us wasting so darn much...

Tips for CFOs to Stay on Top of Security

Cyber Security Tips for CFOs: As organizations continue to prioritize security, CFOs are getting more involved with information security spend and even certain cyber security reporting frameworks. Here are our top tips for CFOs as they become more involved in different areas of cyber security: Sales Process and Customer Requests – Account for security planning...

Top 5 Reasons CFOs Should Care About Security

Why CFOs Need to Start Paying Attention to Security: The current cyber security landscape is bringing itself to the forefront of company priorities, especially for CFOs. The reason for this can be attributed to the coming trends in security, especially in the way that the current state of security and the coming changes impact the bottom...

What is Progress-Based Security Program Development?

Developing Progress-Based Security Programs to Meet Company Goals: We’ve discussed why a strict compliance-based approach to security doesn’t work, but these frameworks make a good starting point for a progress-based approach to security. So, what does that mean? A progress-based approach to security focuses on the ability to make good decisions, as well as the ability...

13 Reasons Strict Compliance with Cyber Security Best Practice Frameworks Don’t Mean You’re Secure

Progress-based security program development focuses on the ability to make good decisions while being able to implement those decisions in the shortest possible time frame. Unfortunately, most organizations aren’t taking a progress-based approach to security. Instead, most are strictly complying with different best practice frameworks such as ISO 27001 or NIST 800-53, suggestions from certification...

Cyber Security Trends and Topics: What Awaits in 2019?

In our last article, we discussed what’s happened in 2018 that will carry over into 2019. Everyone who interacts with information security in 2019 will be facing tough decisions in the coming year. They will be forced to look in the mirror and ask what kinds of security programs they want to run. This means...

2018 Information Security Trends Set the Stage for 2019

What Happened in Information Security in 2018? Different trends in information security throughout 2018 have set the stage for 2019, which is the year that we’ll all have to look in the mirror and think about where our moral boundaries lie in security. Before we dive into the upcoming information security trends in 2019, we...

Security Program Trends: The Next Round of Security Program Development

Security program trends tend to move in a cycle. I sit in meetings today and hear people asking the same questions they asked back when I started in the cyber security space, only this time there are slightly different answers and solutions. I’ve highlighted some of the security program trends that I’ve seen previously to map...

How to Run an Effective Tabletop Exercise

When a cyber security incident happens, time is of the essence. This is why organizations need to design a plan of action in advance. Simply building a plan isn’t enough, however; every member of your team needs to know what steps to take first. This is why tabletop exercises are an essential part of every...