I heard a question the other day that caught me off guard. “Why do you guys even sell IPS (Intrusion Prevention Systems), is there even value in that anymore? Shouldn’t you just recommend patching vulnerable systems?” 

The Policy applies to the full lifecycle of CJI including its creation, viewing, modification, transmission, dissemination, storage and eventual destruction. The release of CJIS Policy Version 5.3 in August of this year takes into account the sweeping changes mobile technology has brought to the front lines of public safety services. Executive Summary The CJIS Security…

The big security news last week was Shellshock, a vulnerability that affects the Bash shell on *nix operating systems (including Macs). So good news, Windows admins, you get to sit this one out. For the rest of the world, the impact of Shellshock is still unclear and perhaps that’s what is making it most unsettling….

We are in the middle of security conference season. Therefore, it’s not entirely unexpected to see headlines from Black Hat and other conferences discussing “grave” security threats, and what they mean to our ability to protect our organizations and ourselves.

Good risk assessments tend to include at least three distinct assessment components of varying complexity, followed by a good reporting system with internal and external checks and balances. While specifically designed for the Health Insurance Portability and Accountability Act (HIPAA), this general methodology could be used for any assessment project with a compliance component. For…

The recently publicized “Heartbleed” SSL/TLS bug has received a tremendous amount of media coverage and, deservedly, a significant amount of concern amongst the IT security community. Rather than rehash the same information that has been shared repeatedly, I would like to offer some philosophical commentary, concise guidance, and additional resources to the IT community as…