Processes

Simple Incident Response Plan Template for SMBs

The adage among information security professionals is that everyone will get breached eventually, unless you already have been. As with all business risks, it is best to plan for the inevitable. When you have an information security incident, time is of the essence, so you should prepare your plan in advance. Incident Response Plans are […]

Processes

DevSecOps versus SecDevOps

DevOps has been all the rage lately, and for good reason: it allows an organization to provide a more consistent environment for development, test, and production, decreasing configuration errors, all while reducing development time. Another name given to this technique is “Infrastructure as code”. This is generally good for security, as many technical attacks exploit […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Processes

Stake Flip Attack

In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]

Processes

GDPR Impact on Non-EU Companies

The world has made it past the start of the EU’s General Data Protection Regulation (GDPR) without any major explosions. Much like Y2K, this is undoubtedly because companies were prepared. Everyone has become so peppered over the past few months with notices about privacy policies being updated that it has become the topic of humor […]

Processes

High Security SaaS

We have all heard that the chief impediment to the adoption of cloud services is security. While that is certainly a consideration, organizations (and CISOs in particular, based on anecdotal data) are starting to accept that: Security is just one factor that must be considered, and others such as cost may be larger impediments to […]