I recently posted the below on the SANS Internet Storm Center. The CIS Controls serve as a “prioritized set of actions to protect your organization and data from known cyber attack vectors.”. Embraced by several organizations as outlined in the Case Studies section, significant improvements to their cyber security programs are listed and can serve as an inspiration to consider this […]
CIS Controls Version 7
I recently posted the below on the SANS Internet Storm Center. The Center for Internet Security (CIS) has been working diligently to update the CIS Controls (formerly known as the Critical Security Controls). A compelling feature of the CIS Controls is their regular updates that reflect the current cyber threats that face organizations, both small and large. The CIS Controls are the product of a […]
CIS Controls Implementation Guide
CIS Controls Implementation Guide The CIS Controls Implementation Guide was recently released by the Center for Internet Security (CIS), the home of CIS Controls directly mapped to their CIS Controls. It is focused on actionable steps that can be taken right now to assess and improve cyber security posture and preparedness, particularly in small and medium-sized […]
What Can You Learn On Your Own?
I recently posted the below on the SANS Internet Storm Center. We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several […]
What’s On Your Not To Do List?
I recently posted the below on the SANS Internet Storm Center. In our craft, there are more than ample opportunities to occupy our time. There are so many things you CAN do. How can you ensure focus on the things that actually make the biggest impact? I suggest that often times you take on more work than what you are able to complete. […]
Unauthorized Change Detected!
I recently posted the below on the SANS Internet Storm Center. How do you detect what has changed in your environment? Is it possible to think beyond the alerts you get from your tools and consider what changes that you absolutely need to know about when they occur? When systems in your environment move from “normal” to “abnormal”, would you […]