I heard a question the other day that caught me off guard. “Why do you guys even sell IPS (Intrusion Prevention Systems), is there even value in that anymore? Shouldn’t you just recommend patching vulnerable systems?” 

The Policy applies to the full lifecycle of CJI including its creation, viewing, modification, transmission, dissemination, storage and eventual destruction. The release of CJIS Policy Version 5.3 in August of this year takes into account the sweeping changes mobile technology has brought to the front lines of public safety services. Executive Summary The CJIS Security…

The recently publicized “Heartbleed” SSL/TLS bug has received a tremendous amount of media coverage and, deservedly, a significant amount of concern amongst the IT security community. Rather than rehash the same information that has been shared repeatedly, I would like to offer some philosophical commentary, concise guidance, and additional resources to the IT community as…

One of the great things about being on the security assessment team is the ability to work with companies to truly improve their overall security posture. Sure, it’s interesting to talk about zero-days and exotic exploits against systems they don’t have, but in most cases, it doesn’t hold particular relevance.

Healthcare IT (HIT) Security is garnering greater attention among healthcare organizations, though most HIT execs indicate they are not fully prepared. In fact, a recent report by the SANS Institute indicates that healthcare organizations are being compromised at an “alarming” frequency. Given the hefty average cost of an incident coming in at a whopping $800,000,…

The Problem Bring your own device (BYOD) means something different to everyone you talk to. Is it company issued mobile devices, is it the employee’s mobile devices, or is it employees bringing their personal laptops to work?