
What We Learned About Each Other While Running 100 Miles Together

Every year our team runs a 100-mile relay race through North Georgia (for charity). Along the way, we learn a lot about ourselves and a lot about each other.

Back in October, I wrote a blog post about why our team does hard stuff together. I wrote that post because our team has a standing tradition of doing things like overnight […]

December 30th, 2019 | Culture, News and Events | 0 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program.
 
People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

So, you got a pentest. Now what?

How to progress toward a truly secure organization and infrastructure after penetration testing.

You did it – you paid for penetration testing services.

Whether it was to fulfill a potential client’s request, satisfy your interest, or to be compliant with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in hand and next steps […]

December 9th, 2019 | Penetration Testing | 0 Comments

Craftsmanship in Music and Compliance

If you’ve been on stage for a speech or performing arts, you know stage fright is real. Businesses can get nervous when they hear the word “audit” in the same way musicians can get nervous before a performance. However, there is one great way to alleviate that fear: preparation. If your business prepares well, you will see the fruits […]

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today.

On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]

November 25th, 2019 | Cyber Risk Management, Penetration Testing | 1 Comment

An Introduction to Active Defense

Global research and advisory firm Gartner forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

November 18th, 2019 | Cyber Risk Management, Penetration Testing | 0 Comments

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs.

The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO 27701 […]

November 4th, 2019 | ISO 27001 Compliance, Privacy Compliance | 0 Comments

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see the following from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset.

As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]

October 21st, 2019 | Cyber Risk Management, Penetration Testing | 0 Comments

Why We Do Hard Stuff Together at risk3sixty

High school wrestling taught me a lot about shared adversity. We were a strange and gritty bunch of guys that won matches against teams who were far superior to us on paper. We practiced in a small room that was more a makeshift sauna than practice facility, pushed each other past our limits, and had an amazing coach who was a […]

October 14th, 2019 | Culture | 0 Comments