V-CSO

Information security services and resources for small and medium businesses

Incident Management Guide: Kindle Edition

Paperback Edition

The Role of User Training in Information Security

User training is important, but it is not a silver bullet. It is a control of last resort. This video explains how user training should fill gaps left by other controls.

Manage Vulnerabilities According to Associated Risk

This blog article summarizes my research on how to effectively manage vulnerabilities. It is never just about simply throwing patches or controls at them.

Business Continuity Planning Guide

This is a free, downloadable white paper (PDF format) providing information about how to implement and manage a comprehensive business continuity program.

Tom Olzak on Security Blog

This blog addresses risk management, incident response, controls management, and operational security impact on business operations. It is a resource for anyone attempting to balance security with effective business operations.

Olzak on Business Continuity - CSO online

My blog on surviving the unthinkable and other challenges, including risk management, threat management, incident response, and other topics appropriate to strategic and operational security.

Introduction to Enterprise Security: A Practitioner's Guide

This is a free, downloadable book (PDF format) providing detailed information about how to implement and manage a comprehensive security program.

Change Management

Change management is critical to ensuring changes to systems and networks do not break anything or increase operational risk. This video explains why and shows how to create a change management process.

Protect Critical Infrastructure

Critical systems provide direct support for business operations, utilities, and other activities that we never want compromised. This video explains why and shows how to provide key controls for card processing, health care delivery, utilities, and other critical systems.

Defend against Ransomware

Ransomware has become one of the most prolific attack methods. Without proper preparation and response, attackers can force you to pay to get your data back after bringing down your business processes for some period. This video explains how this happens and provides a guide for preventing attacks and preparing for the inevitable.