Tag: security policy
-
Two Frameworks For Securing A Decentralized Enterprise
This post was originally published on Forbes. Many modern enterprises no longer operate in a highly centralized manner. Traditionally, cybersecurity in enterprise environments consisted of defining trust boundaries, placing controls over these boundaries, setting standards and policies for the safe and secure handling of data, enforcing said policies and scrutinizing any code/applications that were developed…
-
Basic is great
Encouraged by the response to my last post (https://www.iamit.org/blog/2018/06/the-ian-amit-spectrum-of-pentesting-efficacy/ for those who missed it), and following up on a couple of recent Twitter/LinkedIn/WhatsApp conversations, I’d like to emphasize the importance of doing basic and simple work (in security, but it probably also applies to everything else). We are working in a weird industry. The industry…
-
the art of not thinking about elephants
Risk management should be approached in the most holistic manner; this means that EVERY aspect of information flow should be taken into account. This article describes how a red-team test managed to exfiltrate data out of a closed/non-connected network using innovative thinking.
-
Identity crisis
Here’s a common question I get asked a lot: “What technology should I use to secure my server/network/[some technology]?” The question is usually presented by someone who’s in charge of “Security” in an organization. Now, I wouldn’t have had a problem with this if this was a technician, or a pen-tester of sorts, but I…