Eliminating Passwords in the Enterprise

Passwords can be a pain for everyone. They are not secure and are prone to misuse. Isn’t it time to get rid of them entirely? While issuing an enterprise credential with a strong password is fairly easy to accomplish, managing that password over the credential’s lifetime is more difficult. User password resets, compromised passwords and […]


Why You Shouldn’t Study for Certification Exams

People often ask me about the best way to prepare for a successful CISA, CISM, CGEIT or CRISC examination. They are usually surprised to hear my advice: Do not study for the exam at all—study for the knowledge! In my opinion, what sets ISACA’s certifications apart from many other credentials on the market is […]


Why Cyber Readiness Activities Are Important

CISSP and other security-domain “paper” knowledge, and testing on the core cybersecurity domains, is helpful. But with the rapid change in adversary tactics and new technologies, exercising against that knowledge is critical. We must exercise our skill set to maintain day-to-day vigilance on our networks. Cyber readiness is critical for both government and industry. Often there […]


Security Management and Internal Audit: Becoming Two Sides of the Same Coin

Internal security audits are a valuable source of information and highlight the areas that require attention, but do not be overly driven by their findings and recommendations. Excessively strengthened security controls can impact the business negatively. Security-related audit findings must be viewed in the context of the relationship between business goals, the threat profile and the security […]
