September 3, 2010

Securing the Toughest Times

by Ron Woerner

Whether you call it lay-offs, downsizing, rightsizing, redundancies, a reduction in force, or whatever, a reduction in staff stinks. Downturns in the economy often translate to a reduced volume of business, resulting in a correlated reduction in staff. One of the hardest jobs in Security is ensuring that those who are asked [...]

Justification for Security Policy / Awareness Position

by Ron Woerner

Recently, I had to justify a vacant opening for a security analyst responsible for policy and awareness. This article is the position paper from that effort. Feel free to use it if you ever need to justify this position. “The position of Security Policy & Awareness is the key to the success [...]

The GOAL of Security

by Ron Woerner

Do you know THE Goal of your organization? Why does it exist? What’s its purpose? Even if you work for a “security company,” its main goal is not security (or at least it shouldn’t be). I know that this sounds like sacrilege, but it’s not. The main goal of most private sector [...]

Staying off of the suspect list

by Ron Woerner

Often, we’re our own worst enemy. We do things that make us a likely target for blame. In other words, we’re on the suspect list. We receive the blame when something goes wrong because of our actions or the access we maintain. The best strategy is to keep yourself and others off [...]

Pet Risks – A New View of Risk Management

by Ron Woerner

“Seven out of ten companies overspend on IT expenses without improving security or becoming compliant.” Computerworld

What causes this phenomenon? One would think that overspending on security would be a good thing. It’s not. Overspending in some areas causes underspending in others that may have greater value to the business. This practice [...]

Pet Risks – A New View of Risk Management

by Ron Woerner

“7 out of 10 companies overspend on IT expenses without improving security or becoming compliant.” Computerworld

What causes this phenomenon? One would think that overspending on security would be a good thing. It’s not. Overspending in some areas causes underspending in others that may have greater value to the business. This practice [...]

The Psychology of Fraud – Revisited

I’ve decided that Sarbanes-Oxley auditors have it wrong. After 4 years, they look for the wrong things, often costing companies millions of dollars. Their focus is often on minutiae, leaving the lowest-hanging fruit untouched. Why did this happen? Because they haven’t learned from history and they don’t understand the root cause of it all: [...]

The One Minute Security Manager

Security has a bad name. Whenever I say I work in security, people get paranoid, assuming that my job is to block whatever good work they are doing in the name of security. Plus, in many organizations, security is a one-way street. Information goes in, but never comes out. There’s no information sharing because [...]

User Awareness Training

According to many, user education is one of the best methods of ensuring adequate protection of your information assets. It’s been eternally touted as one of the requirements of a viable information security program. This article is not about that, though. It’s about knowing your users/customers. Yes, Mr. & Ms. Security Professional, your users are [...]

Be Prepared

You should be familiar with the phrase, “Be Prepared.” It’s been used by millions of Boy & Girl Scouts around the world since 1907 [1]. Boy and Girl Scouts are trained to be in a state of readiness in mind and body, so that you know the right thing to do at the right moment [...]