Category Archives: Risk Management

Thinking About Reducing Risk

Wow, it’s been a long time since I’ve posted here. I’ve been kinda busy, tons of travel, sending a kid off to college, BlackHat and DefCon and DerbyCon, lots of engagement with customers around the idea of a mature vulnerability …

Posted in Risk Management | Comments Off

The Maturity Model … Matures

We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment …

Posted in InfoSec, Risk Management, Security, Vulnerability Management | Comments Off

What Is A Good Security Program?

What distinguishes a good security program? One of the hardest questions to answer in the Information Security field is whether our security program is good, or not. It’s a question we want to answer for many reasons, not least of …

Posted in InfoSec, Penetration Testing, Risk Management, Security, Vulnerability Management | Comments Off

Vulnerability Management Re-Visited

I know, boring topic. Just part of IT and Security operations. Nothing sexy here. It’s way more fun to think about how to beat those nasty, mean APTs, how to detect malware actively on your network, how to do fancy …

Posted in InfoSec, Risk Management, Security, Vulnerability Management | 1 Comment

The Adobe Breach: Initial Lessons

Now that we’ve had a little time to absorb the impact of the Adobe breach, there’s a few lessons we can learn already. First, a link for those who have been living in a cave and don’t know what I …

Posted in InfoSec, Risk Management, Security, Vulnerability Management | 20 Comments

Building CISO Relevance: Written For BitSight

BitSight is a very interesting security startup that is trying to do something we all have wanted for a long time. Their goal is to find ways to actually quantify risk in a measurable, objective way. If they achieve anything …

Posted in Big Data, General, InfoSec, Risk Management | Comments Off