GIAC Certification Attempt or $350 Off OnDemand or vLive Training until April 12

SANS Security Trend Line

Twelve Word Tuesday: Thoughts and Prayers to the Victims of the Navy Yard Shooting and Their Families

Step by step the longest march can be won, can be won Many stones can form an arch, singly none, singly none And by union what we will can be accomplished still Drops of water turn a mill, singly none singly none From "Step by Step" - John McCutcheon Continue reading Twelve Word Tuesday: Thoughts and Prayers to the Victims of the Navy Yard Shooting and Their Families


We Don't Need More Cybersecurity Regulations, We Need More Federal Trade Commissions Enforcing Existing Regulations

Since 2002, the US Federal Trade Commission has punished 48 US companies for violating their published privacy policies and exposing consumer personal data. That list includes big names like CVS, Eli Lilly, Microsoft and Twitter, as well as smaller companies such as Dave and Busters, Franklin Budget Car Sales and something called RockYou. In all … Continue reading We Don't Need More Cybersecurity Regulations, We Need More Federal Trade Commissions Enforcing Existing Regulations


Twelve Word Tuesday: Continuous Monitoring Does Not Increase Security - That Take Continuous Action

Watching a fire doesn't put it out, or prevent the next conflagration. Continue reading Twelve Word Tuesday: Continuous Monitoring Does Not Increase Security - That Take Continuous Action


PCI 3.0: Slight Improvements, More Reporting, No Improvements in the Process

The Payment Card Industry Standards Council recently published a document that previews the changes in the coming Version 3.0 of the PCI Data Security Standards. A short summary of the changes: More reporting - PCI DSS 3.0 will require card holder data flow diagrams, inventory lists of what is in-scope and evaluations of "evolving malware … Continue reading PCI 3.0: Slight Improvements, More Reporting, No Improvements in the Process


Free Money for Continuous Monitoring!!

The Department of Homeland Security recently awarded the first phase of the Continuous Diagnostics and Mitigation (CDM) Blanket Purchase Agreement contract. This award is to 17 system integrators and about 19 product vendors, providing products and services that cover mostly the first four of the Critical Security Controls: Inventory of Authorized and Unauthorized Devices Inventory … Continue reading Free Money for Continuous Monitoring!!