How to Apply Proper Risk Management Methodology on Information Security?

How to apply proper risk management methodology on information security? Risk, in its negative sense, might be defined as an undesired consequence that may or may not occur as a result of a specific outcome we want to achieve. In short, it…

A Letter to the CISO; Talk about Business with your Board, not technicality.

Dear CISO and Board, I think we should always consider our job as a part of the business. We finally started to consider cyber security and data protection as a serious issue, but now the question is how we evaluate…

How Business Email Compromise Scams Can Hurt Your Business

Today’s digital frontier can be very much likened to the old days of the Wild West. In this present era identified by the ubiquitous nature of the Internet, cybercriminals are calling the shots; constantly blazing new trails in increasing sophistication…

The Business Risk of Cyber Threats to Ghana’s Banking & Financial Systems

The Cyber Security Threat Landscape. Unless you have been living under a rock for the last few years, you most certainly have been struck in awe by the overwhelming impact of cyber security breaches in major organizations making the headline…

Future SOC

Are you waiting for something bad, or going somewhere good? A CEO asked me that once. It is one of those deep questions that more information security people need to ask themselves. In the world of cybersecurity, the conventional thinking…

The Pyramid of Pain

To illustrate this concept, I have created what I like to call the Pyramid of Pain. This simple diagram shows the relationship between the types of indicators you might use to detect an adversary's activities and how much pain it will cause…

The Security Cost of Free Smartphone Apps

There are hundreds of thousands of them to choose from now, whether you have an iPhone, an Android or some other version of smartphone. Free mobile applications sound like a great bargain, but be aware that if you aren't careful,…