Types of Penetration Tests
Today’s post is an introduction to the types of Penetration Tests. It is important to remember that Penetration Testing is done on mobile devices, technology in airplanes and boats, and so much more than just infrastructure associated with networks.
An Introduction to Cyber Penetration Testing
Penetration Testing has many definitions. A penetration test, or sometimes pentest, is a software attack on a computer system that looks for security weaknesses, potentially gaining access to the computer’s features and data.
Transcript From Webinar I Conducted ISO 27035 Security Incident Management
I recently conducted a Training Webinar on ISO 27035 Security Incident Response. This is a transcript from the class that I taught. Please excuse any transcription errors.
Do Some Government Policies Unintentionally Create New Cyber Risk?
My posts have all been my original writing, but today is a summary of some thought-provoking comments that I have found in my readings regarding government policies and cyber security.
Great Reading List for Cyber Awareness
I conducted a Webinar last week for 500 registered attendees, on the topic of preparing and mitigating risks related to Cyber Security. A number of the attendees requested my preferred reading list. Please remember: Cyber Attackers read the same materials. This list will not help you be ahead of them in knowledge, but it is a list of resources to help you be more aware.
SSL/TLS and SSH Keys and Certificates at Risk
A study (PDF), released Thursday by the Ponemon Institute and underwritten by Venafi, included the responses of 2,300 individuals in Germany, France, Australia, the UK and the U.S. I have provided a summary of the Cyber Risks identified in the study.
How Much Is Your Information Worth???
Information is wonderful, so wonderful that hackers want it. They want Personal Data, Corporate Espionage Data, Health Data, and so much more. The question is how much is your data worth to them? The second question is how much is your data worth to you?
SEC Issues (Cyber) Risk Alert
The SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert notifying firms it will conduct IT security examinations of more than 50 registered broker-dealers and registered investment advisers.
Business Continuity Planning Training Budgets Being Pushed Aside
As a Continuity Professional, I have noticed more and more organizations cutting expenses by cutting planning for disasters. Budgets seem to be going toward Cyber Security. On first analysis this makes sense, since Homeland Security believes that Cyber Security is a very high possibility for a Terrorist Attack.
Creating Awesome Joint Cyber, DR, and BCP Tests/Exercises
What do a Business Continuity Test/Exercise, a Disaster Recovery Test/Exercise and a Cyber Security Event Test/Exercise have in common? The most important thing is that all three are validating the organization’s response capability.