Today is the last day of Fiscal 2013 for US federal government folks. This may be one of those years where government folks can stay up late at fiscal New Year's Eve parties, watch the glittery ball drop from the OMB tower, and then sleep in on Tuesday am - the US Government may be … Continue reading Not So Happy Fiscal New Year's Eve to Government Security Managers!
I'm always on the lookout for good graphics to use in presentations about security. I recently came across EIQ Network's recent small survey on "What Keeps IT Pros Up at Night?" that reported roughly equal fears of experiencing a breach and failing a security audit - realistic, but still kinda depressing to me. Failing a … Continue reading Sleepless CISO's Plan on Implementing the Critical Security Controls
At the SANS NetSec conference in Las Vegas last week, we had a HealthCare Security breakfast, and one of the issues brought up was that medical machinery and servers often remain vulnerable because the vendors don't issue updates incorporating patches to Windows or other commercial software running underneath the application. The system vendors often claim … Continue reading Don't Let Medical System Manufacturers Hide Behind "We Can't Patch Because of FDA Certification"