We don’t cover stupid, says cyber insurer that’s fighting a payout

The nature and value of cyber insurance have been closely debated in IT security circles for some time. Far too many organizations are hanging their hats on a large cyber insurance policy, and trusting their financial futures to it, while ignoring the basic blocking and tackling of IT security best practices. This article demonstrates a potential outcome of such an attitude.

https://nakedsecurity.sophos.com/2015/05/28/we-dont-cover-stupid-says-cyber-insurer-thats-fighting-a-payout/

Innovation vs. Risk & Compliance in Financial Services

I love the balancing act that innovation versus risk compliance represents, especially in a vertical like financial services.  There are so many great ideas that must be tempered and hardened in an insecure world.  I also love that IT Security is beginning to recognize this problem and move the conversation forward.  I worked hard when managing a security team to move our stock answer from “no” to a firm “yes, but…”.  Be willing to compromise as long as integrity can be maintained.

https://blogs.akamai.com/2015/05/innovation-vs-risk-compliance-in-financial-services.html

Microsoft and the Software Lifecycle

The patch management and vulnerability management nightmares that come along with battling end-of-life software and operating systems are not worth the effort. Many organizations avoid upgrades under the guise of legacy software demands and shrinking maintenance windows. Stop! It is simply not safe and not worth it. You are raising your risk level in an era of unprecedented criminal activity and known attack vectors. Take the time to properly maintain your environments.

http://www.tripwire.com/state-of-security/vulnerability-management/microsoft-and-the-software-lifecycle/