When I teach security architecture, I’m often asked if the choice of programming language matters. From a security perspective, the answer is yes. But it’s a bit more complicated than that.
Vlogmas 2022 Day 21: Alert fatigue
Today I’m going to talk about a growing problem in cybersecurity and IT in general: alert fatigue.
Vlogmas 2022 Day 20: Stop using free email for your business
As a cybersecurity consultant, I work with a lot of small businesses. Please stop using free email services like Gmail and outlook.com for your business.
Vlogmas 2022 Day 19: Practical defence in depth
In security architecture, we often talk about defence in depth. But in practical terms, what does it really mean?
Vlogmas 2022 Day 18: Physical security matters
Most of the time this channel is focused on cybersecurity, but today I’m going to switch gears a bit and discuss the importance of physical security as it applies to information technology.
You can see some of the devices I mention in this video at .
Vlogmas 2022 Day 17: ITSG-33
Today I’m wrapping up a look at cybersecurity frameworks with the Government of Canada’s ITSG-33.
Vlogmas 2022 Day 16: NIST CSF
Another popular security framework is the Cyber Security Framework published by the US National Institute of Standards and Technology. You’ll usually hear it referred to by the acronyms NIST CSF.
Vlogmas 2022 Day 15: SOC 2
SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Professional Accountants that specifies how organizations should manage customer data. If your company provides cloud services, including software as a service, chances are your customers have asked for a SOC 2 report.
Vlogmas 2022 Day 14: ISO/IEC 27001
ISO/IEC 27001 is an international standard for Information Security Management Systems. Like many ISO standards, it’s a bit more complicated than it needs to be, and it’s not as flexible as other standards, but it remains one of the most popular.
Vlogmas 2022 Day 13: Cybersecurity frameworks
Today we’re talking about cybersecurity frameworks.