Remain calm, no need to panic…

We can now rest easy. A recent SecurityWeek article cited officials from the U.S. Cybersecurity and Infrastructure Security Agency (CISA): "The agency told SecurityWeek that it does “not have any confirmed compromises of federal agencies” resulting from the recently disclosed Log4j vulnerability tracked as Log4Shell and CVE-2021-44228." I can see how they arrived at …

It Ain’t Over Till It’s Over

And it’s never over… If the Log4j crisis has proven anything, it is why the Center for Internet Security (CIS®) Top 18 controls are so vital. Rather than mandating controls to counter every possible attack vector (NIST 800-53 et al.), the CIS Top 18 controls are periodically refreshed and reprioritized based on real-world …