Compliance
HIPAA Security Compliance Fallacies (And How To Avoid Them)
Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t
been what I thought it was going to be. When I first started out as an
independent security consultant, I was giddy over the business opportunities
that I just knew HIPAA compliance was going to bring. Around that time, I
learned something from sales expert Jeffrey Gitomer that has had a profound
impact on my career. He said that if you work for yourself and are in sales,
which I am, that you must write and speak if
Endpoint Security
Addressing the issue of misguided security spending
It's the $64,000 question in security – both figuratively and literally: where
do you spend your money? Some people vote, at least initially, for risk
assessment. Some for technology acquisition. Others for ongoing operations.
Smart security leaders will cover all the above and more. It's interesting
though – according to a recent study titled the 2017 Thales Data Threat Report
[http://www.prnewswire.com/news-releases/2017-thales-data-threat-report-security-spending-decisions-leave-sensitive-dat
Security Strategy
The One Aspect of Selling Security That You Don't Want to Miss
This is a guest post from our frequent contributor Kevin Beaver
[/author/kevinbeaver/]. You can read all of his previous guest posts here
[/author/kevinbeaver/].
When it comes to being successful in security, you must master the ability to
“sell” what you're doing. You must sell new security initiatives to executive
management. You must sell security policies and controls to users. You even have
to sell your customers and business partners on what you're doing to minimize
information risks. Thi
SMB Security is so Simple - Take Advantage of it Now.
This is a guest post from our frequent contributor Kevin Beaver
[/author/kevinbeaver/]. You can read all of his previous guest posts here
[/author/kevinbeaver/].
Small and medium-sized businesses (SMBs) have it made in terms of security. No,
I'm not referring to the threats, vulnerabilities, and business risks. Those are
the same regardless of the size of the organization. Instead, I'm talking about
how relatively easy it is to establish and build out core information security
functions and o
Famous quotes and their bearing on information security
I love reading the works of the achievement and leadership greats. Their words,
some of which date back centuries, not only provide insight and motivation for
my career, they also validate many of the challenges we face in IT and
information security today. These ideas are great additions to my writing and
speaking and they're also, arguably, the one shoo-in we have with management on
the points we're trying to convey.
Here are some great quotes from some famous people that you might find
benef
Network complexity: Bad for Business, Great for Job Security
For years I've written about how dangerous network complexity is for business.
[http://www.principlelogic.com/resources] It's simple math. The crazier things
are in your environment, the less control you have. In other words, the more
applications, computers, network segments, people, policies, cloud service
providers, and so on in your environment the harder it is to manage the risks.
It's a direct, quantifiable, and predictable inverse relationship.
Yet, no matter the degree of complexity n
Rapid7 Perspective
If you can't explain it simply, you don't understand it well enough
You may have heard “If you can't explain it simply, you don't understand it well
enough.” This is a quote attributed to Albert Einstein that I immediately
thought of when I read about the newly-published risk metrics findings of the
Ponemon Institute study The State of Risk-Based Security Management. Of the
1,320 IT and security professionals surveyed, 59% said that security metrics
information is too technical to be understood by non-technical management.
Really!?
There's not a single thing as