It Ain’t Over Till It’s Over

And it’s never over…. If the Log4j crisis has proven anything, it is why the Center for Internet Security (CIS®) Top 18 controls are so vital. Rather than mandating controls to counter every possible attack vector (NIST 800-53 et al.), the CIS Top 18 controls are periodically refreshed and reprioritized based on real-world …

HRM Draft: Chapter 3 – Recognize the Threats

All too often, when discussing what could happen should a company suffer a cyber attack, security leaders fall back on techno-babble and discuss the technical details of the potential incident. This frustrates business leaders who do not have a technical background, and it damages executive support for the security function. If the …