April 30, 2015

Frequent readers know metrics are a passion of mine. They provide key stories to answer:

  • Should we invest more or less in security

  • Are we performing to commitments

  • Which groups are top performers

Recently SIRA started a project to define metrics based on...

April 10, 2015

Caliber Security Partners is proud to announce the GRC Select suite.

With Compliance Communicator advancing out of beta, we’re positioning the legacy term of Security Process Management to GRC Select. Please visit the GRC Select landing page and let us know what you thin...

September 23, 2014

Recently, I had the opportunity to conduct a HIPAA/HITECH Risk Assessment for a regional healthcare provider. In this project, a HIPAA/HITECH compliance assessment was required prior to the risk assessment work.

After the project kick-off meeting, various meetings were...

September 11, 2014

Often in security we get so caught up in firewall rules, anti-virus alerts, answering audit or compliance surveys and such that we sometimes put the cart before the horse. We focus on implementing the little details without developing or updating our overall strategy....

June 26, 2014

I'm an avid hiker and have been a youth leader in several organizations over the past 20 years or so. In outdoor leadership, a core component of leadership is awareness: awareness of environment, group and self (see "AMC Guide to Outdoor Leadership" by Alex Kosseff). A...

June 6, 2014

As a member of Infragard, a public/private partnership between the FBI and security leadership around the country, I have access to a number of FBI alerts. Many have controlled distribution, but some are completely open. Monday June 2, the FBI issued Flash #32, one of...

May 22, 2014

We recently created a PCI version 3 template for our Compliance Communicator (beta) application. In the process we copied the requirements, testing procedures, and guidance to an Excel spreadsheet.
The copying took some time and I bet you'd rather be doing something el...

March 17, 2014

Just like "agile," the devops concept is really what the team decides. To borrow a phrase from the scriptures, devops was made for man, not man for devops...

In most cases, developers still deliver to a devops team - the "dev" in devops means the operations team becomes...

February 19, 2014

It’s something we all talk about. It’s something we all wish we did better. It’s something that we all worry about at night: how do we “secure developers?” In this blog post, I’ll address strategies for increasing the security around your development organization, and...

September 6, 2013

We’ve made it to the final post of the series “Will The Real CSPs Please Stand Up?” If you haven’t read the first three entries you can find them here, here, and here.

In this last post I continue where I left off with where the carriers fall short and what could

The ch...
