Let’s say you run an operational environment and you’ve spent years figuring out how to keep your production processes and core, life-enabling systems running at high efficiency and efficacy. But now, your IT group wants to connect your production and control systems to outside networks as part of new “IoT” (Internet of Things) initiatives. You…
Background The idea of Segmentation is pretty simple: put your crown jewels (i.e. your highest risk assets) in a small container, then heavily secure and monitor that. It is simply too difficult to secure everything equally. Why Now? With “digital” drivers to improve experiences, automate operations or change business models, there is now a need…
– JOIN TRUSTEDSEC ON July 25th, 2018 AT 1:00 PM EST – The End of the Beginning After 3+ years of hype, where are we now with Internet of Things security, and where are we going? There is continuing pressure to keep our business “things” secure and breach-free. With crashes and attacks now being reported…
There’s been a radical shift in the assessment industry over the last couple of years. We’ve all probably heard that Artificial Intelligence, Machine Learning, User and Entity Behavioral Analysis, Analytics, Detection and Response tools, etc., are advancing and improving defensive postures. According to Gartner, annual spending on defensive security technology will exceed $82 Billion dollars…
Why Derbycon is so good for the security community I had a chance to go to Derbycon for the first time this year. I was amazed at how great it was and a lot of fun of course, but there was more to it than that. I’ve been to many regional conferences, as well as…
Security is evolving. That’s not news, but as it is happening not everyone can keep up with what that means. This is especially true for those who have embraced maturing their risk and security programs, while still getting traditional assessments which have become commoditized and oftentimes not as valuable as they used to be. These…
JOIN TRUSTEDSEC ON MAY 23rd, 2018 AT 1:00 PM EST There is continuing pressure to keep our information secure and breach-free. At the same time, management often doesn’t see the need of increasing budget if there isn’t an incident occurring or a compliance need. So how does someone in the trenches measure, monitor, and communicate…
In our work with clients on the General Data Protection Regulation (GDPR) (Regulation [EU] 2016/679), we have generally not seen organizations accomplish full compliance all at once. Instead of a full-on project, the actions we’ve seen have been addressed a little at a time. One client said they were just “chipping away at the stone,”…
