User training is important, but it is not a silver bullet. It is a control of last resort. This video explains how user training should fill gaps left by other controls.
This blog article summarizes my research on how to effectively manage vulnerabilities. It is never just about simply throwing patches or controls at them.
This is a free, downloadable white paper (PDF format) providing information about how to implement and manage a comprehensive business continuity program.
This blog addresses risk management, incident response, controls management, and operational security impact on business operations. It is a resource for anyone attempting to balance security with effective business operations.
My blog on surviving the unthinkable and other challenges, including risk management, threat management, incident response, and other topics appropriate to strategic and operational security.
This is a free, downloadable book (PDF format) providing detailed information about how to implement and manage a comprehensive security program.
Change management is critical to ensuring changes to systems and networks do not break anything or increase operational risk. This video explains this and how to create a change management process.
Critical systems provide direct support for business operations, utilities, and other activities that we never want compromised. This video explains this and how to provide key controls for card processing, health care delivery, utilities, and other critical systems.
Ransomware has become one of the most prolific attack methods. Without proper preparation and response, attackers can force you to pay to get your data back, after bringing down your business processes for some period. This video explains this and provides a guide for preventing attacks and preparing for the inevitable.