there are hundreds of security frameworks out there, all somehow accredited and accepted by industry, all good, but compliance with any, or even all of them does not mean anything to state of security, does not affect the state of security and it is not a metric for security. being compliant is different than being… Continue reading Compliance ≉ Security
is security really a journey?
you have probably heard or even sick of it: security is a journey…it never ends…security is not a destination…yada yada is security really a journey, or let’s say, does it have to be an endless journey where we actually do not enjoy or even hate to have such a journey? security as a journey yes… Continue reading is security really a journey?
*DR
security community has been certainly obsessed with creating a new acronym every day instead of focusing on techniques and enhancing what is already there. basically we do not even try to enhance any thing, we just need to understand definitions and satisfy what has already been stated. XDR is one of those things now particularly… Continue reading *DR
is Dark Web really dark?
it has been relatively a long time since threat intelligence sources started to integrate what they call as “dark web” into their system of data/intelligence gathering, prioritization and delivery as a service to threat hunters. nothing really wrong with that, it is actually a reasonable and even crucial part of any threat hunting system, but… Continue reading is Dark Web really dark?
what is information security management?
information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there… Continue reading what is information security management?
having something vs doing something
There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,… Continue reading having something vs doing something
are you surprised by SolarWinds hack?
it is really funny when they call it one of the most sophisticated hacks in history and stuff like that, because it is actually one the most stupid hacks of all the times. nothing is really surprising about Solarigate or whatever they call it to me except how those companies that forever they have been… Continue reading are you surprised by SolarWinds hack?
SolarWinds hack: what just happened?
Solarigate, Sunbusrt, UNC2452 or whatever they call it, how even fireEye, SolarWinds, Crowdstrike and many other involved are able to sell and survive after this disaster, and how security community is able to trust them again? it is interesting that how these top security companies with lots of managed service and bunch of products in… Continue reading SolarWinds hack: what just happened?
human firewall
no doubt that users are the main problem in the whole concept of cyber defense, as we call it weakest link. Now, Awareness and Training as security community typically has been doing is neither effective nor actually deliverable. Imagine we would want to continue law enforcement and public awareness by means of “Most Wanted” posted… Continue reading human firewall
say The Word and you will be Secure:”wishes don’t wash dishes”
“Talk doesn’t cook rice.” Ancient Chinese Proverb There is a saying in Persian…you won’t taste sweetness in your mouth just by say Sweet, Sweet, Sweet…but it looks like industry believe we can be Secure just by saying Secure, Security, Sec… just by putting a Sec in front or end of a product, service, name, process,… Continue reading say The Word and you will be Secure:”wishes don’t wash dishes”