The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used as if they were interchangeable, they are not. The confusion arises because applying patches is one of the many ways available in our arsenal to mitigate cyber risks.

What is Patch Management?

Patch management is a strategy for managing patches or upgrades for software applications and technologies. It involves the acquisition, testing, and installation of multiple patches on an administered computer system in order to fix known vulnerabilities. Patch management significantly shapes the security of your business, network
Dec 15,
Rebel, Yell!

In late 2019, the phrase “OK, Boomer” started being used mockingly by millennials toward the elders who preceded them. This behavioral pattern isn’t new. Younger generations have always rebelled against their elders. Even in cultures where the elderly population is highly respected, the younger generations have developed their own language, music, art, literature and customs. The difference now is that this is the first time that the elderly outnumber the younger members of society. This trend is projected to continue for the next 40 years. While some may see this as a troubling number, for those who work in healthcare, this has different implications. The healthcare field is growing at a rate that is concurrent with the predicted
Dec 08,
The Certified Information Systems Security Professional (CISSP) certification is considered to be the gold standard in information security. This is so because of all the doors that certification opens to a CISSP professional. Those doors lead to many different types of positions and opportunities, thus making the information security community dynamic and multifaceted. In support of this, (ISC)² has launched a series of interviews to explore where CISSP certification has led security professionals. In our first interview, we met Javvad Malik and heard about his experiences. This installment features Jerome Leach. He works as Cyber Officer in the Coast Guard Cyber Command for the U.S. Coast Guard. He is a security professional and keen researcher.

What job do you do
Dec 03,
by John Martin, CISSP, Senior Security Architect, IBM New Zealand

Are you ready for the New Zealand Privacy Act 2020 to come into effect on 1st December 2020? There’s a lot to consider as the clock ticks down and your organisation’s ability to comply is critical if you want to avoid some of the hefty fines involved. As you align your security strategy with your business, here are some key areas to consider as you prepare:

Reporting privacy breaches immediately

It will be mandatory for businesses to immediately report serious privacy breaches, particularly where a data breach poses a risk of harm; for example, when leaked personal information is used in identity theft or accidentally published online. The cost of
Nov 29,
As published in the September/October 2020 edition of InfoSecurity Professional Magazine

By Anita J. Bateman, CISSP

We are all plagued by technical debt in the form of legacy systems that can no longer be patched but must be kept up and running. Critical business processes, legacy data retention, lack of system knowledge or “pet” projects might keep us from retiring these difficult-to-maintain systems. From the very first operating system updates on the original IBM 360 to the latest Windows 10 updates today, we still struggle with this common challenge to fully patch and maintain our technical systems. Might there be a different way to approach this perennial issue? Might we invoke some of the philosophies, principles and methodologies of organizational experts when
Nov 25,