Vectra Provides Pervasive Visibility & Analysis to Detect Cyber Attacks


Though cyber attacks have been around for years, in 2014 there was an explosion in the volume of attacks and a marked increase in the losses and damages they inflicted. In 2015, this does not seem to be lightening up. In February, Anthem health care insurers were compromised, putting 80 million current and former customers [...]



By | April 9th, 2015|David Monahan, IT Management, Scott Crawford, Security|0 Comments

Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC


When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to “move their programs to the next [...]



By | December 19th, 2014|David Monahan, IT Management, Scott Crawford, Security|0 Comments

Why I’m at IBM’s Information on Demand Conference This Week


This week, I’m at a big vendor’s big conference – a conference which, on the surface, may not appear to be primarily about security: IBM’s Information on Demand event in Las Vegas. “But you’re a security analyst.  Why are you going to IOD?” you ask. (And if you didn’t, let me explain:) With over 12,000 [...]



By | October 22nd, 2012|IT Management, Scott Crawford, Security|0 Comments

Security, Visibility, Privacy: Pick Any Two?


Is it possible to have security and privacy? The question has been brought to a head recently, with the intense backlash to the US Transportation Security Administration’s more assertive passenger security checks – a reaction that seems likely to become only more heated with the coming of the busy holiday travel season. The issue for [...]



By | November 22nd, 2010|Cloud Computing|0 Comments

Verizon Publishes its VERIS Community Application


The Verizon RISK team have just published their VERIS community application. Structured on the VERIS (Verizon Enterprise Risk and Incident Sharing) framework, this application is a tool they have made available to extend to anyone the ability to contribute information on data breach incidents, to enrich the already considerable body of breach data Verizon has [...]



By | November 11th, 2010|Scott Crawford|0 Comments

Security: Going Beyond No, Part 2: Getting to Yes


In my last post, I talked about getting beyond “the business of no” in security, to a more effective and thorough approach in which organizations define their objectives, actually implement them, maintain visibility into the environment for consistency with those objectives or activity that could indicate threats, and respond accordingly. This more mature approach is [...]



By | August 31st, 2010|Scott Crawford|0 Comments
Load More Posts