SWAG Security Analysis
Here in Israel there were two security breaches that made big headlines over the last couple of weeks. The first was an ongoing ransomware...
Stanislaw Banaszak
- 4 Dec 2020
- 2 min
DORA the (Threat Led) Explorer
As financial firms become more digital, the EU decided these firms need to focus on ensuring their operations are as cyber resilient as...
Stanislaw Banaszak
- 29 Nov 2020
- 2 min
When a Zero Day is Old News
This week Microsoft released a zero day patch for an unpatched local privilege escalation (LPE) vulnerability affecting all Windows 7 and...
Stanislaw Banaszak
- 22 Nov 2020
- 2 min
Outcome based Cyber Security
Donald Rumsfeld was the US Secretary of Defense from 1975-1977 and once answered a security question using the terms known knowns, known...
Stanislaw Banaszak
- 14 Nov 2020
- 2 min
Trump, Biden and CVSS
Businesses use predictive metrics all the time. For example, forecasting next quarter’s revenue is a predictive metric used widely in...
Stanislaw Banaszak
- 1 Nov 2020
- 2 min
Digital Security: CISO, TISO, BISO, BASE
First a little history. CIOs in the 80s and early 90s were focused on the technical side of the job. They would tend to have a technical...
Stanislaw Banaszak
- 25 Oct 2020
- 2 min
Security in Numbers
Security (or Safety) in numbers is the hypothesis that, by being part of a large physical group or mass, an individual is less likely to...
Stanislaw Banaszak
- 17 Oct 2020
- 2 min
Cybersecurity and Continuous Improvement
The busy folks at NIST have just released the official version of NISTIR 8286 Integrating Cybersecurity and Enterprise Risk Management...
Stanislaw Banaszak
- 11 Oct 2020
- 2 min
Protecting Airspace, WLAN, Wireless and WiFi – Oh My
Interest in protecting organizational wireless networks is growing, and so is the number of guidelines, best practices and standards...
Stanislaw Banaszak
- 5 Oct 2020
- 2 min
800-53 Revision 5 – Outcome Based Security and Privacy Control
NIST released Special Publication 800-53 Revision 5 earlier this month. In my mind it is actually different enough from previous releases...
Stanislaw Banaszak
- 21 Sep 2020
- 2 min
Wireless Red Teams: Evil Twins, Eavesdropping, and Password Cracking
Many companies operate wireless networks to allow greater flexibility through mobile computing. In many cases IT departments deploy...
Stanislaw Banaszak
- 7 Sep 2020
- 1 min
Red, White and Blue Make Purple
Vulnerability scanning, penetration testing and red teams are the main detective controls for residual cyber risk – i.e. the risk that...
Stanislaw Banaszak
- 26 Aug 2020
- 2 min
Red, White and Blue Cybersecurity Risks
Cybersecurity is moving away from using threats, vulnerabilities and exploits as the management metaphor towards risk-based cybersecurity...
Stanislaw Banaszak
- 16 Jul 2020
- 1 min
Lack of Standard Metrics
Lack of standard metrics to measure, manage and benchmark cyber risk limits security efficiency and effectiveness, making it difficult to...
Stanislaw Banaszak
- 17 Jun 2020
- 2 min
Fragmented technologies
Organizations’ cyber security stack consists of 100-150 different disconnected point tools or technologies making it difficult to assess...
Stanislaw Banaszak
- 15 Jun 2020
- 1 min
Constantly Shifting Business Needs
In today’s modern world, business needs are constantly shifting, and the IT and cyber risk landscape requires a constant stream of attention and...
Stanislaw Banaszak
- 20 Oct 2019
- 2 min
Is Cyber Security Fit-to-Purpose?
ITIL (IT Infrastructure Library) is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services...
Stanislaw Banaszak
- 18 Oct 2019
- 2 min
Cyber security: Emphasize Protect or Detect?
I am a subscriber to the NIST cyber security framework school of thought. Even though it is officially called the “Framework for...
Stanislaw Banaszak
- 12 Oct 2019
- 2 min
Measuring the Value of Cyber Security
A value-driven approach to cyber security would help businesses understand where to spend their cyber security budget, and how much to...
Stanislaw Banaszak
- 22 Sep 2019
- 2 min
Visibility, Analytics, Policies and Control are the Lynchpin of Cyber Security
Visibility is context. Analytics combine context with events. Policy translates that into a “plan of action implemented by controls....