Have you been hearing these terms thrown around by your IT or Compliance teams, but aren’t quite sure what they are talking about? This post aims to clarify the two types of testing, and provide some basic information to help identify which test is right for you.
Recapping real world observations relevant to my recently completed SANS MGT433 course.
2018 ISACA New England Conference This week I was fortunate enough to attend the 2018 ISACA New England Conference. Between catching up with clients and colleagues I was able to sit in on a few interesting sessions. The CISO for Verodin presented on the concept of continual control validation. The presentation was pretty interesting. The … Continue reading Weekly Update #8 – CONs and Security Awareness
I'll admit I have been neglecting the blog over the last few weeks - though I have stayed busy! Although I have not been writing here, there are a few pieces of content posted over at the Wolf page that are worth noting: Client Alert - CIS CSCv7 Blog Post - Meet the NCUA ACET I … Continue reading Weekly Recap 7
I was recently reading the Internet Security Threat Report (ISTR) from Symantec put out July 2017 "Living off the land and fileless attack techniques" and wanted to call attention to this document, as many of the TTPs discussed seem to be just as relevant today. One of the TTPs that jumps out is what Symatec … Continue reading Weekly Recap #6 – “Living off the Land”