Entries Tagged as 'Logical Access'
Hardware attacks threaten integrity and confidentiality
March 21st, 2008 · No Comments
There has been recent success in research efforts (mostly academic and theoretical in origin, with a few recently progressing into more exploitative POCs) to identify weaknesses that exist in everything from Firewire connections to the magnetic cards used to access secure facilities. These proofs of concept highlight the necessity of a well-deployed control […]
Tags: Access and Authorization · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · PCI · Physical Access
Intellectual Assets: News items on Espionage & Public Dissemination of Data
February 20th, 2008 · 1 Comment
Intellectual property for an organization can vary between trade secrets (i.e. the 'secret sauce recipe') and customer-specific data. Every organization must classify information appropriately based on its own usage of the data, governing laws, and best practices. Two recent examples caught my attention as examples where data was compromised and the effects.
The first is […]
Tags: Access and Authorization · Human Resources · Logical Access · Monitoring and Performance Reviews · Risk Awareness
Weak Principle Controls are Cause of Security Breaches
February 4th, 2008 · No Comments
Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization. It is regarded as best practice to learn from one's own mistakes, and an even better practice to learn from OTHERS' mistakes. In either case understanding what controls may address the situation on […]
Tags: Access and Authorization · Identity Theft · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence · iso27001
CIA: Energy Infrastructure Attacked
January 24th, 2008 · No Comments
In my book, IT Compliance and Controls, I highlight the importance of the energy infrastructure, and the risks that these systems face given their new interconnectedness. To highlight the relevant points from the book - the energy infrastructures of the world support the medical, HVAC, security, and financial systems of our economies. The […]
Tags: Access and Authorization · Application Controls · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · Physical Access · Sustain Operations · Technology Intelligence · Trusted Computing Platform Systems
