Posted on November 11, 2019 by John McDonald
As an end user of RSA Archer, an enterprise governance, risk and compliance (eGRC) Program Director for a Fortune 50 company, and now an eGRC Practice Manager for a boutique consulting firm, I have gained valuable experience and insight into what customers are looking for in the eGRC realm.
Posted on October 31, 2019 by Charles Worrell
Medical devices that use third-party legacy software called IPnet are at risk of remote attacks conducted by hackers. The Food and Drug Administration (FDA) issued a warning to patients, healthcare professionals, IT staff in healthcare facilities and manufacturers on October 1, informing them of the vulnerabilities.
The IPnet software is still part of several operating systems and applications for medical and industrial systems that are used today.
Posted on September 18, 2019 by Devesh Panchwagh
If you are an automotive supplier or service provider, you may have enough to worry about to stay on track with product delivery goals. There are OEM demands and aggressive plans to speed time to market. And now, Information Security assurance is required in the Testing phase for Automotive products.
Posted on September 1, 2019 by John McDonald
Can you remember the last time you supported an audit or assessment? You may still have occasional nightmares about the process. It may have been a regulatory audit for something like HIPAA, PCI, NERC/FERC, or DFS 23 NYCRR 500. If there were only some way to simplify the process and make it less painful (and costly). Well, there is a way.
Posted on August 20, 2019 by John McDonald
When it comes to cybersecurity, organizations that use Industrial Control Systems (ICS) tend to be at a disadvantage. There are unique factors that affect managing risk for such systems.
In this blogpost, find out what makes managing risk a slippery slope for Industrial Control Systems. See how using FAIR methodology to quantify risk can help you pinpoint your biggest cybersecurity vulnerabilities — and spend budget intelligently.
Posted on August 13, 2019 by Charles Worrell
As a pen tester, I’m only as good as the tools at my disposal, the team by my side, and the handy skills in my back pocket. When it came time to conduct a Red Team Assessment, my team and I needed to combine all our special skill sets to test our client’s defenses.
The first thing we needed to do was to understand the client’s Internet footprint. This understanding would provide valuable intelligence for the rest of the engagement.