People by nature don’t like to be told what to do. Most people would rather be told what needs to be done and left to their own devices to produce the end result. That approach works fine if you are an organization of one. Bring in another person and suddenly things start to get done differently by each person. Those…
A recent post by Kendra Cooley led to a lively discussion around the value of SOC2 attestations. She followed this up with an article that goes into a bit more depth. Discussion around these sorts of issues is always educational. The devil is in the details. When one discusses SOC without clarifying the details, the waters get muddy very fast.…
Organizations must take risks in order to operate. Each organization determines what level of risk is acceptable to that organization. This concept is known as risk appetite. Security is the process of examining risk across an organization and taking defined steps to reduce those risks to a level that is acceptable to the organization. Security is NOT the act of…
Possibly one of the most poorly understood and overlooked problems faced by businesses and consumers is the proper implementation and management of passwords. Typically, access is granted to a system or resource simply by entering a username and password. Usernames are typically email addresses or some combination of the user’s first and last name, so these are easy to guess.…