Clearly defined responsibilities and scope of authority for security organizations vary widely across different companies and industries. To help address this challenge, I have developed an organizational framework for the information security function. As a model, this should be considered a starting point for adapting to a particular environment, not a set-in-stone guide as to … Continue reading D.I.O.R. – A Model for Information Security Organization
Author: Michael Lines
No Silver Bullets
Proof once again that there are no silver bullet solutions in security, inspite of the marketing hype.
Craft for Notes
In my never-ending search for “Software that doesn’t Suck”, my latest find in my personal productivity quest is Craft - the note-taking power app by Luki Labs Limited.
HRM Draft: Chapter 5: Building Effective Defenses
So you have identified the likely attackers, the threats that their attacks pose, and how at a high level they will carry out these attacks. Now what? The traditional (and wrong) answer is to cover all your bases by adopting the most comprehensive set of controls possible. Whether it is NIST CSF, NIST 800-53, ISO … Continue reading HRM Draft: Chapter 5: Building Effective Defenses
Remain calm, no need to panic…
We can now rest easy. A recent article from SecurityWeek quoted officials from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that said, "The agency told SecurityWeek that it does “not have any confirmed compromises of federal agencies” resulting from the recently disclosed Log4j vulnerability tracked as Log4Shell and CVE-2021-44228." I can see how they arrived at … Continue reading Remain calm, no need to panic…