Want Better Alerting? Consider Your Business Processes

May 19, 2020

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

Read

Vendor Enablement: Rethinking Third-Party Risk

April 30, 2020

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

Read

Is Zoom’s Lack of End-To-End Encryption a Problem?

April 2, 2020

All of the work-from-home activity coupled with all of the media about Zoom’s lack of end-to-end (E2E) encryption has resulted in a few clients asking us if Zoom can still be trusted to host meetings. It’s not exactly as they portray For those of you catching up, Zoom’s privacy and security have been the target…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

Crossover Sec: Breaking Down the Silos

March 24, 2020

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had…

Read
security risk graphic

Top Six Security and Risk Management Questions

March 12, 2019

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…

Read
blog icon header

Current Security Trends in 2019

February 7, 2019

As the information security industry continues to mature, several things have changed, but many of the fundamental issues remain—even in the face of new technologies, threats, and regulations. Understanding and responding to current trends provides the opportunity for security and risk management leaders to better improve security, increase resiliency, and support the business. With renowned…

Read
checkmark graphic

Few cons to bringing in the pros: Why should you have a third-party risk and security assessment?

January 10, 2019

At TrustedSec, we get about 400-500 inquiries for security assessments every year.  Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment? Why can’t we just do it ourselves? We already know we’re terrible—why do we need you to tell us that? There…

Read
yocum security analogy graphic

The Three Best Security Analogies I Know (and How to Use Them)

October 29, 2018

When it goes well, explaining security concepts to coworkers, friends, and family is one of the best parts of being in the security industry. It helps others make more risk-aware decisions, reduces ‘inarticulate tech geek’ stereotypes, and enhances soft-skills. Unfortunately, explanations do not always go well. Audiences need to be in the right state of…

Read
network map

Preparing for (IoT) Segmentation: Six Steps to Get Your Functional Requirements Right

July 12, 2018

Recently, a client of ours expressed interest in segmenting their existing, flat network. The existence of these types of non-segmented networks is still very prevalent, especially in the manufacturing, supply chain, and medical verticals. The primary reason the organization wished to move on this initiative was in an effort to reduce the scope of their…

Read
  • Browse by Category

  • Clear Form