Virtual CISO Services – Virtual CISO-as-a-Service comes of age

Posted in Governance, Risk Management and Compliance (GRC), Proactive Defense, Services

vCISO, or Chief Information Security Officer (CISO)-as-a-Service, is a concept whose time has come. CISOs are hard to come by, and good ones even more so. InfoSec professionals in general are tough to find, especially ones who can fulfill all the duties of a traditional CISO or InfoSec team: understanding business requirements, legal requirements, […]

Your Vendor is Lying to You

Posted in Education & Training, Governance, Risk Management and Compliance (GRC), Services

The Target breach illustrated just how important vetting third parties is. The hack was successful for a number of reasons (including Target’s failure to act on the attack much earlier, when it was detected), but the initial breach happened through a small vendor which had single-factor remote access to Target’s network. It’s unclear what Target’s third […]

The Robbers Are Already in the Bank

Posted in Education & Training, Governance, Risk Management and Compliance (GRC), Incident Response and Investigation (IR), Proactive Defense, Services

Over the long history of banks, many mechanisms have been used to thwart would-be thieves. For instance, a bank would protect the transport mechanism (stagecoaches, armored cars) and heavily secure the soft-points, like tellers and bank branches. The vault was the most heavily protected. In the end, it was defense in depth and solid protection, […]