Matt’s Blog
Information Security
Acquisition & Procurement Risk in the Cybersecurity Industry
Overview Information security for an organization is an ongoing process of users interacting with technology through a combination of policies, procedures, software and hardware to provide data confidentiality, integrity, and availability. All users are part of the...
Stakeholders and Ethics of Cybersecurity
"Stakeholder" is a term for an individual impacted by a corporation’s activities, in contrast to "shareholder", which denotes a part owner of the corporation. It originated from Ian Mitroff’s book "Stakeholders of the Organizational Mind" and broadens...
Security Information and Event Management (SIEM)
A corporate data network transmits billions of data packets per day internally and out to the Internet. This data flow creates event records from many sources such as firewall security logs, user account sign-on logs, and data resource access logs. By NIST 800-53...
The Iron Triangle: Cost, Quality, and Time
There’s a humorous sign frequently seen in various kinds of offices and workshops around North America. It says simply, “Fast, Good, or Cheap: Choose Two!” It’s a simple but useful model demonstrating the tradeoff between the constraints of quality, time, and cost. In...
The Coming Internet Apocalypse (really!)
There’s a looming disaster on the cyber horizon coming to the Internet and cellular communications in the next few years (McGrew, 2015). Specifically, 90% of the current encryption used for data transmission on the Internet and in cellular phones will cease to be...
Governance Frameworks in Cybersecurity Acquisition
A complete and mature organizational cybersecurity infrastructure requires the use of a governance framework such as COBIT 4.1 aligned with a security control framework such as ISO/IEC 27002:2005. This provides a process to manage the complex security control...