BLOG

For any organization a data breach is a disruptive experience. Besides the distraction from daily operations, and unwanted publicity, a data breach brings a huge financial burden as well. Most large businesses have the resources to weather the storm, but many small and mid size businesses aren't as fortunate. Most SMBs don't have the capital or technical talent on staff to properly respond to a data security breach. Given that 71% of data breaches target small businesses, I thought it would be beneficial to discuss the fallout of a security breach and the impact it could have to a small business.

Read More

I don't know how I missed it before, but I stumbled upon a little InfoSec analogy that has been floating around for a while now. It goes a little something like this: "Passwords are like underpants...". They then proceed to list all the things that passwords and underwear have in common.

Read More

We are getting excited around here for the first ever QSA Educational Discussion! This is going to be a great event to hone your PCI compliance skills, get answers to those complex compliance questions and PCI DSS interpretations.

Read More

Microsoft just released a new tool for their Security TechCenter. Its a pretty straight-forward service called My Bulletins [^1]. Basically it provides a customized dashboard to present Microsoft security bulletins. The nice thing is that you can customize the dashboard to only receive notices for those Microsoft products you use and care about.

Read More

More than a month has past since the disclosure of the Heartbleed vulnerability and it is still making the rounds in the news. Even though it presents a serious security issue to Internet communication there are still a good number of servers and services that haven't been fixed. There is also evidence that a good portion of remediation efforts have fallen short and are insufficient to protect against and resolve the issues created by Heartbleed.

Read More