  • By Allan Caton, CISSP, CISM, CCSP, CISMP  Most companies are migrating from an environment of legacy, on-premises systems to the cloud, which will result in a hybrid environment. Market forces are driving the push toward usable, mobile technology and the always-on, always-available ubiquity of web-based applications. This shift will include both customers and all types of enterprise users – including employees, contractors, vendors, partners, etc.  This shift to a decentralized, identity-centric operating model brings with it the absolute requirement to consider the security of the user identities, devices and data which comprise the enterprise estate. The future of identity management, authentication, data management and network access demands a fresh look at how security protects corporate assets.  The days when a simple password was sufficient to protect access

    Dec 18,
  • Have you ever baked something, only to see it fail due to the lack of a key ingredient? For instance, a cake will not rise if you add baking powder after you realize it was forgotten in the original ingredient list. The same is true for many failed endeavors. The addition of a critical component after the project is completed does little to improve the original plan. In many cases, it introduces unintended complexity that sets off a cascading series of problems. As a security professional, you probably can name a list of software that was released too early, requiring so many revisions to correct the problems that the original intent was dwarfed by the patches. According to one source,

    Dec 17,
  • In a year that presented so many challenges – a global pandemic, social unrest and an economic downturn – one success is worth noting: When cybersecurity professionals were called upon to secure remote environments in a hurry, they stepped up. As many companies were forced to shift to a work-from-home model because of COVID-19 for most or all employees, cybersecurity teams went to work on securing both these newly created remote environments and existing corporate networks. Data from (ISC)²’s 2020 Cybersecurity Workforce Study shows respondents believe those efforts were largely successful. Even though 30% of cybersecurity professionals had a deadline of one day or less to transition staff to remote work and secure their environments, 92% of study respondents say

    Dec 16,
  • The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they are interchangeable, this is not the case. Most are confused because applying patches is one of the many ways available in our arsenal to mitigate cyber risks. What is Patch Management? Patch management is a strategy for managing patches or upgrades for software applications and technologies and involves the acquisition, testing, and installation of multiple patches to an administered computer system in order to fix known vulnerabilities. Patch management significantly shapes the security of your business, network

    Dec 15,
  • Rebel, Yell! In late 2019, millennials started using the phrase “OK, Boomer” mockingly toward the elders who preceded them. This behavioral pattern isn’t new. Younger generations have always rebelled against their elders. Even in cultures where the elderly population is highly respected, the younger generations have developed their own language, music, art, literature and customs. The difference now is that this is the first time that the elderly outnumber the younger members of society. This trend is projected to continue for the next 40 years. While some may see this as a troubling number, for those who work in healthcare, this has different implications. The healthcare field is growing at a rate that is concurrent with the predicted

    Dec 08,