SANS Security Trend Line

Twelve Word Tuesday: Life In The Post-Cybersecurity Framework Era Doesn't Feel Much Different

If yet another cybersecurity framework is announced, does it make any noise?


Will Microsoft's New CEO and the Sorta Return of Bill Gates Be Good for Security?

Back in August 2013 I asked "Will Steve Ballmer's Departure Change Microsoft's Approach to Security, For Better or Worse?" Now that Microsoft has announced Ballmer will be replaced by Satya Nadella, and that Bill Gates will resign as the Chairman of Microsoft's Board to become Nadella's "Technology Advisor" it is probably a good time to …


Twelve Word Tuesday: Would a CEO Depend on Yearly Audits, Plus Quarterly "Scans," to Determine if the Company was Profitable?

CISOs could learn much from good CFOs about actually doing continuous monitoring.


Twelve Word Tuesday: No Need to Expand the Periodic Table of the Elements to Bake a Tastier Pie

Retail cyber-security advancement requires vast improvements in PCI governance, not DSS bloat.


Ramblings On Risk - Part II

In Part I, I explained why I have always trashed the traditional risk equation of the form Risk = Probability of event * Cost/impact of event. I've pushed an alternative, simplified form of Risk = (Threat * Vulnerability) + Action. Here's where that comes from: I've always been a fan of the Common Vulnerability Scoring …