2023

The question is not if but when

In today’s interconnected and digitized landscape, the inevitability of cyberattacks has transformed the question from a matter of ‘if’ to a matter of ‘when’. This paradigm shift underscores the critical importance of cybersecurity preparedness in the modern world. The notion that organizations and individuals will eventually experience a breach has compelled a shift from a reactive approach to a proactive and strategic stance in safeguarding digital assets.

August 27, 2023

When was the last time you have validated and/or updated the information security policy documents?

Yes, true for some this is a boring topic. However, most people will try to use the excuse that as long as it is not stated in the information security policy it is allowed whatever they are doing. But then they forget the intent of the information security policy. Therefore, the question is what do you need to think about when validating and/or updating the information security policy documents?

May 29, 2023

Can you piece back the puzzle of the timeline?

Sooner or later, the environment you are responsible for will be hit by a security incident. Small or big. But no matter how significant the incident is, the high-level steps to remediate the incident are the same. Identification, containment, eradication, and post-mortem. And each of these steps has one thing in common. The timeline. In order to contain the incident, you need to find both Patient Zero and Moment Zero. Most people are familiar with the term Patient Zero. But what is Moment Zero?

April 22, 2023

Judgment day: are you ready for it?

If you are a security professional, you know this day is coming. The day the security is breached. And you think you have all the relevant processes and procedures in place. Let’s zoom out a little bit. According to NIST, a security incident has five distinct phases: identification, containment, eradication,...

March 26, 2023

Are you really remediating all the discovered vulnerabilities?

According to an article published by PcMag, LastPass was breached in 2022 by a 3-year-old vulnerability! You would expect that a security vendor is remediating all discovered vulnerabilities swiftly. But that on its own raises a few questions. Questions like ‘Do you really scan all your assets?’ and ‘Do you really track remediation efforts?’. These are questions that every CISO/Security Manager should be asking its vulnerability scanning team. But is it that simple?

March 5, 2023