I recently posted the below on the SANS Internet Storm Center. How many times have you heard someone say out loud our “our security policy requires…”? Many times we hear and are sometimes even threatened with “the security policy”. Security policy should set behavioral expectations and be the basis for every technical, administrative and physical control that is implemented. […]
Your Security Policy Is So Lame
I recently posted the below on the SANS Internet Storm Center. Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly […]
Have you seen my personal information? It has been lost. Again.
I recently posted the below on the SANS Internet Storm Center. Remember when milk cartons had pictures of lost children on them? I think of those cartons every time I get a notice that my personal information “may have been impacted” as a result of a data breach. As you might imagine, I recently received […]
Repost – Stop Admiring The Problem. Start Addressing The Problem.
I recently published the below post on the SANS Internet Storm Center site.How much energy do you spending admiring your problems? It does not matter what the problem is – asset inventory, vulnerability management or security awareness. You do have problems. What are you doing to make your current problem less of a problem? Set your problems aside […]
Community SANS in Pittsburgh
Consider joining me for the next Community SANS event in Pittsburgh, PAon June 16 – June 21, 2014. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both forpeople new to security as well as those who have been in security foryears. This was the first SANS course I attended […]
Community SANS Returns to Charleston
Consider joining me for the next Community SANS event in Charleston, SC on February 24 – March 1, 2014. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both for people new to security as well as those who have been in security for years. This was the first SANS course […]