Management, compliance & auditing March 11, 2021 Howard Poston Commercial off-the-shelf IoT system solutions: A risk assessment The Internet of Things (IoT) is growing rapidly. IoT devices provide convenience and can be a more efficient and cost-effective solution to a variety of different...
Management, compliance & auditing March 9, 2021 Patrick Mallory A school district’s guide for Education Law §2-d compliance During the 2014-2015 fiscal year, the New York State Education Department enacted Education Law §2-d, which includes a series of provisions designed to enhance...
Management, compliance & auditing March 8, 2021 Kenneth Magee IT auditing and controls: A look at application controls [updated 2021] Portions of this article, including many of the definitions and terminology, have been sourced and summarized from ISACA.org and course materials published...
Management, compliance & auditing February 15, 2021 Howard Poston 6 key elements of a threat model Threat modeling is a process for threat discovery and risk management. Any system carries potential risk, and a clear understanding of these risks is essential...
Management, compliance & auditing February 11, 2021 Howard Poston Top threat modeling frameworks: STRIDE, OWASP Top 10, MITRE ATT&CK framework and more Threat modeling is an exercise designed to identify the potential threats and attack vectors that exist for a system. Based upon this information, it is possible...
Management, compliance & auditing February 1, 2021 Infosec Average IT manager salary in 2021 IT management is a competitive career opportunity. Some companies hire from within, but you can still find job opportunities from IT firms looking for qualified...
Management, compliance & auditing February 1, 2021 Susan Morrow Security vs. usability: Pros and cons of risk-based authentication Risk-based authentication (RBA) has to become part of the enterprise lexicon for a good reason. The authentication measures used to protect access to resources...
Management, compliance & auditing January 11, 2021 Howard Poston Threat modeling: Technical walkthrough and tutorial Threat modeling is an exercise designed to help an organization identify potential threats and cybersecurity risks within their organization and systems....
Management, compliance & auditing December 23, 2020 Gilad Maayan Comparing endpoint security: EPP vs. EDR vs. XDR Endpoint detection and response is a type of security solution that provides real-time visibility into endpoint activities by monitoring and recording endpoint...
Management, compliance & auditing December 22, 2020 Howard Poston Role and purpose of threat modeling in software development Threat modeling is an exercise designed to identify the potential cybersecurity threats and attack surface of an application. By working through the threat...