.png)
What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything? Check out this post for the…
The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk. Check out this post for the basis for our conversation on this…
We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment? Check out this post for the basis for our conversation on this week’s episode which…
What’s the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause? Check out this…
We know that security plays a role in DevOps, but we’ve been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and…
Stop buying security products. You probably have enough. You’re just not using them to their full potential. Dig into what you’ve got and build your security program. Check out this post for the basis for our conversation on this week’s…
Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take too long that you can’t start with it? Check out this post for…
Security researchers and hackers find vulnerabilities. What’s their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines? Check out this post for the discussion that is the basis…
When Internet of Things or IoT devices first came onto the market, security wasn’t even a thought, let alone an afterthought. Now we’re flooded with devices with no security and their openness and connectivity are being used to launch malicious…
Your policy should rarely change. But your ability to achieve that policy is found in procedures or governance that should inform, steer, and guide your team. Those procedures should change often and others should follow. Are they? Check out this…
