Management, compliance & auditing April 19, 2021 Patrick Mallory Rapid threat model prototyping: Introduction and overview Choosing a form of threat modeling can help protect your organization from security threats.
Management, compliance & auditing March 11, 2021 Howard Poston Commercial off-the-shelf IoT system solutions: A risk assessment The Internet of Things (IoT) is growing rapidly. IoT devices provide convenience and can be a more efficient and cost-effective solution to a variety of different...
Management, compliance & auditing March 9, 2021 Patrick Mallory A school district’s guide for Education Law §2-d compliance During the 2014-2105 fiscal year, the New York State Education Department enacted Education Law §2-d, which includes a series of provisions designed to enhance...
Management, compliance & auditing March 8, 2021 Kenneth Magee IT auditing and controls: A look at application controls [updated 2021] Portions of this article, including many of the definitions and terminology, have been sourced and summarized from ISACA.org and course materials published...
Management, compliance & auditing February 15, 2021 Howard Poston 6 key elements of a threat model Threat modeling is a process for threat discovery and risk management. Any system carries potential risk, and a clear understanding of these risks is essential...
Management, compliance & auditing February 11, 2021 Howard Poston Top threat modeling frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK framework and more Threat modeling is an exercise designed to identify the potential threats and attack vectors that exist for a system. Based upon this information, it is possible...
Management, compliance & auditing February 1, 2021 Infosec Average IT manager salary in 2021 IT management is a competitive career opportunity. Some companies hire from within, but you can still find job opportunities from IT firms looking for qualified...
Management, compliance & auditing February 1, 2021 Susan Morrow Security vs. usability: Pros and cons of risk-based authentication Risk-based authentication (RBA) has to become part of the enterprise lexicon for a good reason. The authentication measures used to protect access to resources...
Management, compliance & auditing January 11, 2021 Howard Poston Threat modeling: Technical walkthrough and tutorial Threat modeling is an exercise designed to help an organization identify potential threats and cybersecurity risks within their organization and systems....
Management, compliance & auditing December 23, 2020 Gilad Maayan Comparing endpoint security: EPP vs. EDR vs. XDR Endpoint detection and response is a type of security solution that provides real-time visibility into endpoint activities by monitoring and recording endpoint...