Creatively Exposing Your Business to Risk

There are many ways a business can be exposed to risks and some of them can seem like great ideas.
While I was visiting a retail location recently, I noticed this sign.

 

The sign asks patrons to text a local number if they notice the facility needs maintenance.

FedRAMP Status


Over three years into the program that allows US government agencies to use Cloud Service Providers (CSPs), there are 75 authorized products.

Most federal agencies currently use five or fewer of the authorized cloud offerings; other agencies use these offerings extensively.

Managing Passwords, Securely

I recently wrote about the desire, by many, to see the death of passwords.  All negatives considered, if passwords go away, it won’t be because people don’t like them but because they lose their efficacy and cost proposition (they’re effectively free, transportable, satisfy the “something you know” criteria, and they’re easy to replace).

The Death of Passwords

Password Management

 

Good enough.

It’s not a concept most people associate with information security people or the approach to information security, but it is something we in information security desire. We don’t want to overburden ourselves with unnecessary work or even management of controls.

Cigital’s Agile Security Manifesto

All Rights Reserved, Royalty-free license purchased through Fotolia.com

I tend to operate in accordance with the four principles of Cigital’s recent Agile Security Manifesto.

NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.