The Three Step Security Strategy

October 8, 2019
By in Attack Path Effectiveness Review, Business Risk Assessment, Operational Performance Maturity Assessment, Program Assessment & Compliance, Program Development, Program Maturity Assessment

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

Read
state of ohio seal blog graphic

Is Ohio Senate Bill 220 an Example for the Other 49 States?

May 16, 2019
By in HIPAA NIST CIS20 SOC ISO 27001 Assessments, Policy Development, Program Assessment & Compliance, Program Development

Passing with 24 yeas and 8 nays, effective as of November 2, 2018, Ohio Senate Bill 220 was touted as a way to use the ‘carrot approach’ for organizations to increase cybersecurity. This incentive was to encourage the shielding of data breach liability for organizations in certain situations. Excerpts from the bill are provided below….

Read
security risk graphic

Top Six Security and Risk Management Questions

March 12, 2019
By in Business Risk Assessment, Managed Services, Mergers & Acquisitions Security Assessment, Policy Development, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…

Read
yocum security analogy graphic

The Three Best Security Analogies I Know (and How to Use Them)

October 29, 2018
By in Program Assessment & Compliance, Program Development, Security Program Assessment, Security Program Management, Security Testing & Analysis

When it goes well, explaining security concepts to coworkers, friends, and family is one of the best parts of being in the security industry. It helps others make more risk-aware decisions, reduces ‘inarticulate tech geek’ stereotypes, and enhances soft-skills. Unfortunately, explanations do not always go well. Audiences need to be in the right state of…

Read
network map

Preparing for (IoT) Segmentation: Six Steps to Get Your Functional Requirements Right

July 12, 2018
By in IoT Security Assessment, Managed Services, Operational Performance Maturity Assessment, Program Assessment & Compliance, Program Development, Program Maturity Assessment, Security Program Assessment, Security Program Management, Security Testing & Analysis

Recently, a client of ours expressed interest in segmenting their existing, flat network. The existence of these types of non-segmented networks is still very prevalent, especially in the manufacturing, supply chain, and medical verticals. The primary reason the organization wished to move on this initiative was in an effort to reduce the scope of their…

Read
thinking icon

Building Upon Core Security & Risk Definitions

May 7, 2018
By in Architecture Review, Business Risk Assessment, Program Assessment & Compliance, Program Development

Security is evolving. That’s not news, but as it is happening not everyone can keep up with what that means.  This is especially true for those who have embraced maturing their risk and security programs, while still getting traditional assessments which have become commoditized and oftentimes not as valuable as they used to be.    These…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form