Most recent blogs, netcasts, papers, etc.


Five Steps to Effective Policy Implementation - Video (December 18, 2018)

This video addresses the considerations needed to deploy security policies with a reasonable expectation of compliance.


Risk Based Access Control and the Role of Continuous Authentication (November 26, 2018)

This paper looks at risk-based access control for protecting sensitive information. It also reviews the emerging role of continuous access control, using device and user behavior, to mitigate access risk.


Vulnerability Management and the CVSS Calculator - Video (May 29, 2018)

Vulnerability management requires gathering threat intelligence and information about your environment. Entering this information into the CVSS calculator helps prioritize vulnerabilities based on your unique operating environment.


Role of User Training in Information Security (Mar 19, 2018)

This video shows how user training, although important, is a control of last resort. We should rely on it only to fill gaps left by other controls that do not rely on user behavior.


New Business Continuity Guide (Feb 7, 2018)

This is a vendor-neutral white paper that details the steps necessary to implement and manage business continuity in your organization.


Your apps are never safe enough (June 23, 2014)

You can't rely only on your developers and software vendors to deliver secure applications.


Enable the business with strategy-focused security management (June 10, 2014)

To shift to a risk management posture, security managers and analysts who work closely with project management teams must possess a specific skill set.


Adventures in Security Episode 5 - How NOT to manage incident response (June 8, 2014)

Using the FBI, the risk associated with using Chinese hardware, and what Target did wrong


Respond to actual risk, not the threat alone (June 3, 2014)

The emergence of a new threat does not necessarily constitute an emergency for your organization. Respond to actual risk, not the threat alone.


Adventures in Security Netcast Episode 4: June 1, 2014

Eight security gaps most organizations admit to having and managing the likelihood of security incidents


Security Crossword 3 (May 31, 2014)

Theme: Security Current Events


Many organizations still don't get infosec basics (May 31, 2014)

Building a security framework often starts with low or no cost solutions that many organizations still ignore.


Don't Force Business to Bypass Security (May 28, 2014)

Sometimes, we as security pros are the problem when business managers introduce elevated costs and risks.


Incident Response: Save Root Analysis for AFTER process recovery (May 26, 2014)

Deep analysis of the who, what, and why of a security incident should never happen before process recovery.


Simple Root Cause Analysis (April 20, 2014)

Root cause analysis doesn't have to be complicated.