Matt’s Blog

Information Security

 

Acquisition & Procurement Risk in the Cybersecurity Industry

Acquisition & Procurement Risk in the Cybersecurity Industry

Overview Information security for an organization is an ongoing process of users interacting with technology through a combination of policies, procedures, software and hardware to provide data confidentiality, integrity, and availability. All users are part of the...

Stakeholders and Ethics of Cybersecurity

Stakeholders and Ethics of Cybersecurity

The stakeholder is a term for an individual impacted by a corporation’s activities, and is in contrast to the idea of shareholder, which is a part owner of the corporation. It originated from Ian Mitroff’s book "Stakeholders of the Organizational Mind" and broadens...

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM)

A corporate data network transmits billions of data packets per day internally and out to the Internet. The data flow creates event records from many sources such as firewall security logs, user account sign on logs, and data resource access logs.  By NIST 800-53...

The Iron Triangle: Cost, Quality, and Time

The Iron Triangle: Cost, Quality, and Time

There’s a humorous sign frequently seen in various kinds of offices and workshops around North America. It says simply, “Fast, Good, or Cheap: Choose Two!” It’s a simple but useful model demonstrating the tradeoff between the constraints of quality, time, and cost. In...

The Coming Internet Apocalypse (really!)

The Coming Internet Apocalypse (really!)

There’s a looming disaster on the cyber horizon coming to the Internet and cellular communications in the next few years(McGrew, 2015). Specifically, 90% of the current encryption used for data transmission on the internet and in cellular phones will cease to be...

Governance Frameworks in Cybersecurity Acquisition

Governance Frameworks in Cybersecurity Acquisition

A complete and mature organizational cybersecurity infrastructure requires the use of a governance framework such as COBIT 4.1 aligned with a security control framework such as ISO/IEC 27002:2005. This provides a process to manage the complex security control...