Top Fractional CISO Blogs of 2021
30th December 2021
With 2021 coming to a close and 51 new blog entries in the books, we are going to engage in our now-annual practice of revisiting the top articles we published this year.
What does a bad auditor mean for your business?
22nd December 2021
Cybersecurity compliance evaluations like SOC 2, ISO 27001, and HIPAA might have one set of standards set by one overseeing organization, but the independent auditors who audit companies for these standards can have drastically different approaches. The result? Programs that are compliant being forced to do extra, meaningless work – or worse – companies that…
One Size Fits Nobody
16th December 2021
Once again, basketball season is upon us. With it comes the sound of shoes squeaking, balls bouncing, nets swishing, and rims rattling beneath the force of ferocious dunks. Well… maybe not the dunks, since I’m actually talking about my third-grade daughter’s team, of which I am the coach. This year, the girls are behind where…
Log4Shell Logo
14th December 2021
I have been surprised that the Log4Shell vulnerability has not made it into the mainstream press more. This is one of the most serious vulnerabilities I have seen in my career. When I talk to my non-tech friends and family members, they haven’t heard of Log4Shell or Log4j. One of the successes of the Heartbleed…
Serious vulnerability: Log4J
11th December 2021
We sent the following notice to all Fractional CISO clients yesterday. We are sending this notice to all Fractional CISO clients to inform them about an extremely critical zero-day vulnerability that requires immediate attention – right now, not on Monday. This vulnerability is pervasive, Internet-facing, and easily exploitable by anybody with limited hacking experience. What’s…
What are the best Google Workspace security settings?
9th December 2021
Which of these scenarios sounds scarier: A bad guy manages to compromise an employee’s email account. A bad guy manages to compromise an employee’s Google Workspace account. If you’re a Google business, hopefully you picked the second option! While business email compromises are always bad, Google Workspace’s functionality as an online office suite and document…