Author’s Note: This is a 9 part Monitoring Series. I recommend reviewing them in the order they are published for cohesiveness. What Makes Us Monitor? I know what you’re thinking, “let’s get on with it, show me the good stuff!” Well, this is the good stuff. Unless you know why you’re monitoring, and you take […]
Author’s Note: Far too often I’ve run into systems in my career where monitoring is an afterthought. At best, monitoring is bolted on after the system has been released to the consumer. Indeed, the focus on monitoring must begin much sooner in the development cycle, providing insights and integration during the software engineering efforts. This […]
by Mark McCullough | Technical Consultant at Taos Most organizations understand the value of a risk assessment. It can help define how you architect and operate all of your IT resources, and even how you define your business processes. Most organizations almost never update that assessment nor do they use it effectively. Risk assessment methodology […]
by Mark McCullough | Technical Consultant at Taos Former Mozilla developer Robert O’Callahan recently joined the growing chorus of those openly stating that anti-virus products cause more security harm than they prevent. He’s right, but that’s not the only security product that should have the harsh glare of security shined on it. It’s time for […]
by Mark McCullough | Technical Consultant at Taos Preparing for an Information Security Incident No matter what role you play in a company, you have responsibilities during a security incident. Do you know what to do when the panic button is hit? If you aren’t part of the security team, most of your responsibilities during an […]
by Joel Duisman, Senior Technical Consultant & Security Practice Leader at Taos “Turning the Corner” — An expression denoting new horizons and a chance to move beyond old obstacles. In the early 1980s, when I was first exposed to email, I initially marveled at the effectiveness and utility of asynchronous communication through computer networks. Before long, my friends […]
by Mark McCullough, Senior Technical Consultant at Taos Information security, infosec for short, is traditionally characterized by Mordac, Preventer of Information Services of Dilbert™ fame, where every improvement in security comes at the cost of usability. That model doesn’t work today. Cloud services create problems of identity and access management and securing access. BYOD is […]
by Jason Ritzke, Senior Technical Consultant at Taos When architecting secure infrastructure a natural place to begin is a common standard set, such as those provided in a DISA STIG or CIS guideline. However, while industry standard compliance documents can often be a provocative starting point for thinking about your infrastructure requirements, they are no […]
Over the past decade most companies have come to accept ongoing security evaluations as a cost of doing business. Companies take pride in the careful evaluation of vendor products and processes done to limit risk. However, the last two months of revelations have shown us that this straightforward approach is no longer enough.
Revelations in 2012 that Google, Microsoft, and other cloud business vendors were providing customer data to the U.S. government’s PRISM program without a warrant woke many up to the risks inherent in cloud storage. However, the last few months haven’t been easy reading for companies who avoid cloud storage either.
As a consultant over the last 20 years (11 of those focusing on security) I’ve seen dozens of attempts to create and implement successful information security programs across organizations ranging from technology startups to global financial organizations and just about everything in between. While the attempts varied in levels of rigor and complexity depending on […]