December 2021 - Fractional CISO

30th December 2021

Top Fractional CISO Blogs of 2021

With 2021 coming to a close and 51 new blog entries in the books, we are going to engage in our now-annual practice of revisiting the top articles we published this year.

22nd December 2021

What does a bad auditor mean for your business?

Cybersecurity compliance evaluations like SOC 2, ISO 27001, and HIPAA might have one set of standards set by one overseeing organization, but the independent auditors who audit companies for these standards can have drastically different approaches. The result? Programs that are compliant being forced to do extra, meaningless work – or worse – companies that…

16th December 2021

One Size Fits Nobody

Once again, basketball season is upon us. With it comes the sound of shoes squeaking, balls bouncing, nets swishing, and rims rattling beneath the force of ferocious dunks. Well… maybe not the dunks, since I’m actually talking about my third-grade daughter’s team, of which I am the coach. This year, the girls are behind where…

14th December 2021

Log4Shell Logo

I have been surprised how the Log4Shell vulnerability has not made it in the mainstream press more. This is one of the most serious vulnerabilities I have seen in my career. When I talk to my non-tech friends and family members, they haven’t heard of Log4Shell or Log4j. One of the successes of the Heartbleed…

11th December 2021

Serious vulnerability: Log4J

We sent the following notice to all Fractional CISO clients yesterday. We are sending this notice to all Fractional CISO clients to inform them about an extremely critical zero-day vulnerability that requires immediate attention – right now, not on Monday. This vulnerability is pervasive, Internet-facing, and easily exploitable by anybody with limited hacking experience. What’s…

9th December 2021

What are the best Google Workspace security settings?

Which of these scenarios sounds scarier: A bad guy manages to compromise an employee’s email account. A bad guy manages to compromise an employee’s Google Workspace account. If you’re a Google business, hopefully you picked the second option! While business email compromises are always bad, Google Workspace’s functionality as an online office suite and document…