#69 – CYBER SECURITY VULNERABILITIES – MARK BERNARD

I wrote the following article to help clarify CyberSecurity threats and vulnerabilities, so that we can facilitate better risk assessment. This assessment of software vulnerabilities was based on data pulled from the Common Vulnerability and Exposure database. For added context, below I included statistics from the Q1 RedSocks Report on Malware. It’s apparent that the CVE only registers a small percentage of the overall vulnerabilities. This report supports the need for ongoing vulnerability management; however, there is an equally important emphasis on regular security testing and integration with product development and change management.

#63 – CYBER SECURITY CONTROL EFFECTIVENESS – MARK BERNARD

CyberSecurity requires the effective identification of risks and efficient implementation of controls designed to mitigate those risks. The efficient design and architecture of integrated control frameworks is crucial to limiting the potential negative impact on agility and competitiveness of many organizations.

#54 – DESIGNING A QUALITY MANAGEMENT APPROACH FOR CYBERSECURITY – MARK BERNARD

How do you use quality management systems (QMS) thinking to design an information systems management system (ISMS)? There are a lot of similarities. Read on:

IMHO it starts with two sets of security standards, (a) the manufacturer and (b) the organization.