Separation of duties is a critical factor for effectively managing business risk. Executives understand the importance of financial oversight and hire CPA firms to double check the work of their CFO. The same rules apply to managed IT service providers and cyber security oversight. There is a troubling trend among IT service providers as they...Read More

Anyone with cybersecurity experience is a hot commodity in the current job market.  For those seeking talent, the transition of the workforce from in-office to work-from-home due of COVID has made the competition fiercer.  Gone are the traditional geographic boundaries and regional salary limitations.  It’s now commonplace for employees who live in the Midwest to...Read More

Ransomware and other types of cyber incidents are now commonplace discussion topics in boardrooms for companies large and small.  Fear of exposure, disruption, and financial loss are leading contributors to the conversation.  In fact, nearly three quarters of US CEOs in Price Waterhouse Coopers 24th Annual Global CEO Survey said they are “extremely concerned” about...Read More

Recent world events in Ukraine have once again focused the business on the potential impact of cyber-attacks as a means of disrupting business.  This trend is particularly troubling for the automotive supply chain because the symbiotic nature of these relationships means one attack could ultimately interrupt product shipments for many companies.  Looking across the supply...Read More

It’s an age-old question what came first, the chicken or the egg?   This paradigm illustrates the challenge organizations face when contemplating a risk assessment.   Should they fix known issues before an assessment…or should they complete the assessment and follow the prescribed recommendations. It’s an interesting question. One that can be overshadowed by the internal team’s...Read More

On March 21, 2022 the President of the United States issued a statement directly addressing concerns about domestic cybersecurity.  With the Ukraine war now entering the fourth week, there is heightened anxiety about the escalating cyberattacks originating in Russia.  Beyond the physical attacks against the Ukraine nation, Russia has stepped up cyberattacks on countries that...Read More

The world is aghast watching Russia invade Ukraine, and it’s critical that the physical separation of these events doesn’t create a false sense of security for the US.   As the countries around the globe step up sanctions and impose restrictions on critical Russian resources, war will expand on a different front.  Cyberwarfare is nothing new,...Read More

It’s no secret that the world gets smaller every year.   Globalization of industry and trade has created ever-expanding opportunities, sometimes to the detriment of businesses and individuals.  The internet is a critical variable in this equation as it delivers instant access to resources worldwide and produces a growing industry focused on cyber-crime. There is a...Read More

A risk management framework (RMF) is an organization’s security controls road map for managing its cyber risks. RMFs define how the people in an organization utilize processes to manage technology, ensure oversight, and reduce risk exposure. The framework often serves multiple purposes, from evaluating the maturity of security controls to demonstrating due diligence in securing...Read More

The recent discovery of Log4J and its widespread impact on businesses highlights the importance of scanning networks to identify and mitigate software vulnerabilities. But periodically scanning networks is the easy part of building an effective vulnerability management program. Since these “programs” aim to identify and fix software vulnerabilities, ongoing management must include a schedule of...Read More