Who Needs a Risk Framework? Ever try to take a long trip without a GPS or old school roadmap?   Think about the prospect of travelling cross country with no reference for direction…reacting to every stretch of highway and turn in the road.   Believe it or not, this is how some organizations manage information security.    Effectively...Read More

A 2016 report by Symantec, a large security and anti-virus company, sheds light on the current environment of ransomware attacks.   One of the more interesting discoveries is that the Services sector is the most targeted area at 38 percent, followed by Manufacturing, Finance, Insurance and Real Estate.  The services sector appears to be easiest to...Read More

Pontiac, Michigan – Security Vitals, a Michigan-based, cyber security services firm, announces the release of the Compliance as a Service (CaaS) offering to help manufactures retain their government contracts by complying with the looming NIST 800-171 cyber security standard. NIST 800-171 is a collection of technical and process controls designed to protect Department of Defense...Read More

Is there true accountability for technology investments? Consider past investments for InfoSec as another possible cause for waning support.  Over the past 5 years, the InfoSec industry has been flush with security technology spending driven a crowded product marketplace.  While most technologies are built on sound principles for reducing risk, they require process definition and...Read More

As a consulting firm that works with Information Security (InfoSec) leaders at a variety of organizations, there is a disturbing trend that has evolved in the past year.   Many of them are looking for new jobs (at other companies) or considering leaving the profession altogether.  In a field that is already short on good talent…why...Read More

The old saying is something like this: Passwords are like underwear. You should change them often, you shouldn’t share them and they should be mysterious. In other words, your password should be a total mystery to everyone else. With more and more of your daily activities being transitioned to the internet, your password is just...Read More

Use Secure Connections/VPN When offered a choice between connecting to an unsecured network vs. a secured network, always choose the latter.  The ease of connecting to an unsecured network is enticing at times, but logging in with credentials always pays off.  If no secured network is available, use a Virtual Private Network, or VPN, to...Read More

While it may not be a question of when but more one of why, information security is heading down a path that needs metrics to thrive.  An interesting question when you consider that, the timeline for information security as a discipline is quite short; the young age of our industry translates into immature practices that...Read More

County System Hacked Just last week, county officials in Bingham County, Idaho, reported a large scale attack on their system.  County employees discovered inaccessible encrypted files on their servers, followed by a prompt demanding a ransom in exchange for Bingham County’s data. Ransomware attacks of this size were frequently reported in 2016, but stipulated payment...Read More

The amount of data in the world is doubling every year, predicted to surpass 44 zettabytes, abbreviated ZB, up from 4.4 ZB in 2014. For reference, 1 ZB is equivalent of 1 trillion GB.  With this massive amount of data comes an increased difficulty to secure, store, and make sense all of it. More specifically,...Read More