SANS – Confusion in the Top How Many?

Enterprise Security or Secure Solution program?

While discussing the SANS Top 20 Critical Controls a couple of weeks ago I ran into some confusion with an infosec partner about the number of controls we were talking about.  He referred to the Top 25 but I know from my training and certification that there are 20 controls.

Humans are STILL a Weak Link in Risk Mgmt

Checking out today’s current events from Feedly I ran across Bruce Schneier’s comments around a social engineering attack that resulted in ~ $300,000 loss to Apple in products.

apple store

Cloud First, US Gov Style (FedRAMP)

“Cloud first” is an approach I’ve heard articulated as a means to delivering on business objectives.  The policy I’ve heard has referenced if not been predicated on the fact that the US government is implementing this policy in their federal agencies.