Collaborate Disseminate
Our manager often asks us for a quick understanding of what the risks will be based on some idea that the department has been working on during the ideation phase (the business requirements are generally written but no impla… Continue reading How to create non-generic security requirements for an idea phase?
Someone asked me to create a site for their online business which I did, handling a lot of the development myself. After I created my account on the site I told my employer “Hey, the site is ready you can create an account fo… Continue reading Business founder wants access to database but has no DB skills
Our organization in the process of implementing several digital transformation initiatives including online/cloud platforms.
There are arguments in our Information Security team regarding ‘Risk Appetite’ of the organization…. Continue reading Should we change risk appetite when we go on a digital transformation journey?
Does anyone know of any good Risk Registers to start logging security risk that are found on the fly?
The problem that I am having is that we find so much in a day, things start to get lost in emails and we tend to forget the risks that … Continue reading Security Risk Register
We’ve recently started using O365/SPO/OneDrive for business as a sharing platform over a previous niche provider platform. I’ve noticed that each time a user shares content externally, the external user gets an account in our… Continue reading What risks are associated with SPO/Onedrive/O365 external user accounts in active directory?
When setting up the security for business to business API integration. We are discussion 2 option
Mutual TLS with IP Filtering
TLS with a Shared secret and IP Filtering.
Which is the more secure approach and what make… Continue reading API Security – Mutual TLS vs TLS with shared secret .
Is there an optimum number of systems an ISSO should be responsible for? I realize system size and complexity come into play but assuming most are large and of moderate risk, etc. is there a number that can be consideered a … Continue reading Recommended number of ssytems under an ISSO
I have been working in the field the past 2-3 years and I have a total of 10 years experience with computer science. I want something I could do part time from any country in the world. I would rather not do straight coding, … Continue reading What kind of completely online business can I run doing infosec/cyber security?
From a business standpoint, how would you express the need for a vulnerability research team?
In the end, would it be infeasible from a business standpoint unless said business chalked it up as a marketing cost (to promote o… Continue reading How to justify a Vulnerability Research function at a company
From a business standpoint, how would you express the need for a vulnerability research team?
In the end, would it be infeasible from a business standpoint unless said business chalked it up as a marketing cost (to promote o… Continue reading How to justify a Vulnerability Research function at a company