Tuesday, October 27, 2020

Cyber Snake Oil

While some Cyber solutions certainly deliver as promised, there is a multitude of solutions that seem to be wanting.

Namely, cloud security posture management (CSPM) and secure access service edge (SASE) solutions.

Akin to first-generation web application firewalls (WAFs), CSPM and SASE solutions seem to promise a lot while skeptically delivering value.  Like WAFs, I believe organizations will see these as a tool in the Cyber toolbox that can COMPLIMENT solid hygiene versus SUPPLEMENT said governance. 

Thursday, October 15, 2020

Control Frameworks - Use a Hybrid

Many orgs use a control framework (NIST 800-53, HITRUST CSF, COBIT, SIG, ISF SoGP, ISO 27002, CSA CCM) that doesnt completely express that orgs security/privacy/risk mgmt posture.

It behooves those orgs to use a hybrid mapped back to those frameworks.