March 05, 2020
Why Business Continuity Goes Beyond IT – An Example In Coronavirus
October of last year I led a business continuity (BC) workshop for clients, prospects and partners. While explaining that a good BC program permeates throughout an entire organization an attendee asked how he could best deliver that message to upper management. He worked for the IT department of a healthcare provider. His concern was that […]
Read more
March 04, 2020
Technological Impacts of Coronavirus: Is Your Environment Prepared?
You have probably heard of this interesting virus affecting people in other countries. However, have you considered the organizational impact Coronavirus may already have on your business today? What about when, not if, it proliferates in the United States? All major publications and news outlets – the New York Times, The Wall Street Journal, CNBC, […]
Read more
October 25, 2019
Teachable Moments in IT
An article caught my eye this week. It involves the unfortunate circumstances in the city of Baltimore, but it’s a valuable lesson to any organization (link below). In short, a combination of ransomware and poorly managed backups wreaked havoc on the City of Baltimore. The unfortunate situation is a good reminder of how the best […]
Read more
September 03, 2019
Business Continuity And Top Management Are Inseparable
Business Continuity and Top Management are Inseparable ContinuityCentral.com posted an analysis by editor David Honour of a crisis communication statement made by National Grid CEO John Pettigrew following a wide-area power outage that occurred on August 9th, which was the largest to occur in the UK for over a decade. The analysis scrutinizes every part of Pettigrew’s statement, […]
Read more
August 02, 2019
Avoiding the Capital One Breach: Defense in Depth
With the release of the criminal complaint in the recent Capital one breach we now have a better understanding of how Paige A. Thompson exfiltrated data from their cloud vendor. We don’t know all the details and can only make inferences based upon the information available. Deploying CloudGuard on AWSCase Study The complaint states that a GitHub file was […]
Read more
July 30, 2019
VxWorks Vulnerabilities: More Exposure Than You Think
Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack. Well, while this is something you may not have heard of it is the real time operating system […]
Read more
July 23, 2019
Your Password Policy Should Challenge Hackers, Not Your Users
Any time a human is involved, the potential for weakened security increases. Password policies are necessary for cybersecurity compliance; however, burdensome password policies can result in bad user behavior like password transformation. SUBSCRIBE TO SAYERS BLOG REMEMBER WHEN – IBM published the startling statistic that human error was found to be involved in 95% of all security incidents in “2014 Cyber […]
Read more
July 03, 2019
Affordable Cybersecurity Assessment using OWASP
Sometimes we just need a sanity check and assessments offer that opportunity. An assessment can offer a glimpse into those things that may require our attention, and ideally, some validation of our good work. But, they can be potentially expensive. For a quick self-assessment, there is a less-expensive option to consider. The OWASP Cyber Defense […]
Read more
February 17, 2019
Doomsday Docker Software Vulnerability
The attraction of a DevOps strategy is understandable, but sometimes I feel like the speed of business should be just a bit slower. At least slow enough so we security professionals can properly get on-board. The most recent indicator of this need is the runC vulnerability just identified in the most common container toolsets in use today. Docker, […]
Read more
January 28, 2019
Combatting Uncertainty Around Cloud Security Readiness
Overall, there is a weak grasp on what “Cloud Security” actually means. I recently spent time discussing possible challenges with cloud security at a cybersecurity conference. As I tried to pack my research into the allotted twenty-five minutes, I quickly realized we, collectively, don’t have a good grasp on what cloud security actually means. I think this is the […]
Read more
