The Wheel of Suffering: Don’t Be a Jerk to Your Future Self

Findings. Defects. Whatever you call them, your organization’s security posture is full of them. At RSA, we use the umbrella term “Issues Management”. So many organizations handle their vulnerabilities, misconfigurations, failed controls, and policy and process gaps the same way: the hard way. The hard way is the reactive way, the just-in-time way, and the…

Introducing RSA Archer GRC 6 to Our Federal Community

Through the years, as federal information assurance professionals, we’ve seen a lot of adjustments and evolution. We had an arms race in buying newer and better firewalls, more secure networking devices, IDSs, IPSs, and SIEM tools. We bought generations of scanners and sensors. We watched several iterations of C&A and A&A methodologies come and go.…

NIST Event Highlights Advances in Maturity of Cloud Community

Recently, NIST hosted the Cloud Computing Workshop and Forum VIII at their headquarters in Gaithersburg, MD. It is part of the larger NIST ITL Cloud Computing Program. It was an impressive event, with four days of multiple simultaneous tracks. As security professionals, we all know it’s hard to juggle and stay abreast of all the topics…

Great News from the 6th NIST Cybersecurity Framework Workshop

I just got back from NIST’s 6th Cybersecurity Framework Workshop in Tampa and wanted to share some of the signs of progress. This was the sixth workshop, but the first in another sense. By this I mean that it’s been eight months since the release of the framework. This workshop really had the feel that…