What do you think this is?

just thoughts of a restless mind...

The wrong solution to a major problem

Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.

Disclaimer: Nothing below should be taken as a criticism of the services offered. Pointing out their flaws and inefficiencies does not mean they don't have any value.

Vulnerability and Patch Management

During the last 3 months I found myself in discussions about patch and vulnerability management more often than expected. I need to say, there is much misunderstanding going around about these two processes; so much that I could argue that several organizations are exposing themselves significantly, just because the touch points and (lack of) dependencies between these two processes are not clear.

Risk understanding and coronavirus

Due to the Coronavirus outbreak there are lots of voices saying that we shouldn't care so much, especially if we haven't been vaccinated for the flu, which shows a lack of diligence on our side.

That could not be more wrong! People who say that understand ZERO about risk management, and since my social bubble is mostly security and risk management people, I find that very alarming.

Let me explain:

To cyber-insure or not?

Professional liability insurance has been around for a long time. It is not a surprise that Cyber Insurance is becoming a trend lately, considering the constantly rising number of security breaches. The post in one sentence: Cyber insurance is a good thing, but be careful what you wish for.