In 1905, George Santayana wrote, “Those who cannot remember the past are condemned to repeat it.” Variations of his words have been attributed to several famous people, but as far as some software developers are concerned, the underlying message has fallen on deaf ears.
When I teach security architecture, I’m often asked if the choice of programming language matters. From a security perspective, the answer is yes. But it’s a bit more complicated than that.
Today I’m going to talk about a growing problem in cybersecurity and IT in general: alert fatigue.
As a cybersecurity consultant, I work with a lot of small businesses. Please stop using free email services like Gmail and outlook.com for your business.
In security architecture, we often talk about defence in depth. But in practical terms, what does it really mean?
Most of the time this channel is focused on cybersecurity, but today I’m going to switch gears a bit and discuss the importance of physical security as it applies to information technology.
You can see some of the devices I mention in this video at .
Today I’m wrapping up a look at cybersecurity frameworks with the Government of Canada’s ITSG-33.
Another popular security framework is the Cyber Security Framework published by the US National Institute of Standards and Technology. You’ll usually hear it referred to by the acronyms NIST CSF.
SOC 2 is a voluntary compliance standard developed by the American Institute of Certified Professional Accountants that specifies how organizations should manage customer data. If your company provides cloud services, including software as a service, chances are your customers have asked for a SOC 2 report.
ISO/IEC 27001 is an international standard for Information Security Management Systems. Like many ISO standards, it’s a bit more complicated than it needs to be, and it’s not as flexible as other standards, but it remains one of the most popular.