BLOG
Asset Management Policy (free downloadable policies)
To skip the article and download the policies and procedures provided: Asset Inventory - Policy and Procedures Sample-Asset Management Policy Introduction In our last several articles we’ve discussed and dived deep into the topic of asset management. Asset management,...
Cybersecurity: Improve the Identify Pillar of Your Program
Traction requires clarity. The overwhelming weight of attempting to improve the whole cybersecurity program often results in a lot of action and business without progress. One of the greatest ways to get traction on security program improvement is by aligning with an...
Scope & Define Identify Controls of NIST Cybersecurity Framework
When attempting to align your cybersecurity program with the NIST CSF framework it’s easy to get hung up and frustrated trying to figure out what the definitions mean, and how they apply to your cybersecurity program. When you read the NIST CSF categories and...
How to Improve Asset Management for Cybersecurity
Asset management is a pain. It’s like the gatekeeper to all the great cybersecurity controls. It’s like the cold vegetables on your plate you know you should eat before diving into that hot juicy piece of Midwest steak… And most of the time, as security professionals,...
SMB Cybersecurity Threats are Real
The cybersecurity threat to SMBs is real. Matter of fact, beside this pandemic, I believe cyber-attacks are the largest threat that SMBs face. Misplaced Hope From my experience consulting in the Minnesota SMB space I observed business leaders make the incorrect...
COVID-19 Security Control Opportunities: #1 Network Baselines
The COVID-19 pandemic creates some unique opportunities for security professionals to mature their security controls. As pragmatic professionals we can categorize security into; Things we know that we know Things we know that we don't know And things we don't know...
Cloud Security Settings to Prevent Anonymous Access (and be in the news).
Cloud providers have amazing security protection and controls. Microsoft recently offered $300,000 for hackers to 'do your worst'. (https://devclass.com/2019/08/06/microsoft-waves-300000-at-hackers-says-do-your-worst-to-azure-security-lab/). They are putting their...
People, Process, and Technology: Resource Pillars of Cybersecurity
If you were given a budget of one million dollars for your security program how would you use it? How do you even go about answering that question? I once visited a company that had rooms full of security equipment and technology. They were looking to hire...
Cybersecurity Metrics: Purpose Drives Measurements
Measuring your information and cybersecurity program can be difficult. But when a metrics program is developed using the right measurements from the right sources, it can provide incredible value insights into your program, reveal weak areas, market your strengths,...
MN Cybersecurity Metrics: Secret Sauce, Assets, Users, and Locations
How can you measure the success and opportunities of a cybersecurity program? With so many risks, threats, vulnerabilities, and exploits in the wild it's difficult for security leaders to clearly articulate what they are focused on, and why they are focused on...