Risk

Latest

What Is Risk?

How do we respond to risk? Do we have the data we need to make an informed decision?

RSAC 2021

A purely digital RSAC 2021 kicks off looking back at a challenging year and to the challenges ahead for the security community.

Passwords Suck

Passwords are the worst. Trying to pick a "secure" one makes the whole thing worse. Every site and service has its own variation on the "rules" for making a strong password and it's hard to remember what you've set your password to.

Legacy Authentication Risks

The Canada Revenue Agency suffered a large breach exposing over 5,000 citizens to COVID-19 benefit fraud. This issue exposes some of the challenges of providing authentication services to millions of citizens. Why did this happen? And what can we do to protect ourselves?

Should I Worry About TikTok?

Is a social network focused on dancing, lip syncing, and fun a threat to national security just because of who owns it? Is TikTok a threat to national security? Do you need to worry about you or your family using it?

Risk Decisions in an Imperfect World

Security is often spoken of in absolutes. Is this secure? Is that insecure? The reality is that security is a spectrum. It is a series of implicit and explicit decisions made to meet the business needs within an acceptable risk tolerance.

Keep Decisions Up To Date

Decisions are hard enough that you don't want to have to revisit them constantly. But that's exactly what is required in the realm of cybersecurity. Do you have a system in place to review decisions? Are you recording the right information to update those decisions when the time come

DRUGS!!! and IT Risk and Graphs

Many questions come along with the federal legalization of cannabis in Canada. It's a massive example of trickle down risk as various controls around usage and methods of delivery are pushed into areas they weren't designed for. Are you doing the same thing with your IT deployments? Are

Cybersecurity Basics #11 - Risk Assessments & Pen Tests

Risk assessments are useful when kept in context and continually updated. A penetration test (or pen test) is when your system undergoes a "friendly" attack with the idea of finding issues before cybercriminals do. Together they are a strong set of practices to help your defences.