the State of Security

Adam Montville

Automating Cybersecurity: Scoping The Problem

Automating Cybersecurity: Scoping The Problem

by Adam Montville

This is the second post in the Automating Cyber security series – the first being back in October (I really need to speed this up!).  In this post, I would like to simply share a train of thought with you which will lead, I hope, to a rough scope of the problems we face when [...]

Read More

Who Owns Your Account?

by Adam Montville

Seeing that I’m on vacation this week, I thought I’d go a bit off topic (sort of) from typical security posts and share my off-the-cuff thoughts about this article titled, “Experts: Twitter account case may blaze new trails in social media law.”  The subject is, of course, interesting to those of us blogging and using our Twitter [...]

Read More
Thumbnail image for Yes, We Need More Compliance Specifications.

Yes, We Need More Compliance Specifications.

by Adam Montville

Some of my more recent work is centered on making sense of the available security and compliance frameworks and standards, and I’ve got to be honest with you, it’s not that easy!  While some might argue these things no longer matter, the truth is (as I’ve said before) compliance isn’t dead – it’s just going [...]

Read More
Forest

If A Password Changes In The Forest, Does It Make A Sound?

by Adam Montville

A while back I was coaching Jonathan, our intern, on updating our Cybercrime Controls and he came up with a good idea: Let’s monitor for changes to passwords. At first, this seems like low-hanging fruit to detect hacking, which is often coupled with malware in the majority of breach-related incidents. His line of thinking was [...]

Read More

Automating Cybersecurity – Why Bother?

by Adam Montville

A few weeks ago I kicked off a series on automating cybersecurity.  As I previously stated, this series will be covering fundamental automation issues surrounding benchmarks and frameworks, platform identification, workflows, assets and their characteristics, configuration items, scoping, mapping benchmarks to frameworks, and metrics and reporting.  I’m not going to make the articles quite so [...]

Read More

On Insider Threats and End User Security Attitudes

by Adam Montville

Dark Reading has a couple of articles they’ve posted over the past two days that I found to be interesting.  The first article was posted yesterday and tells a story about a risk management professional who made off with some intellectual property (I posted a couple of comments over there you may be interested in [...]

Read More

← Previous Entries

Next Entries →