Author Archives for Corey E. Thomas

The Corporate Director’s Guide to GDPR

Published by

On May 25, 2018, a major new piece of data protection regulation will come into effect across the European Union (EU), and with it comes the potential for hefty fines or penalties for your organization. Even if you do not directly operate in the EU, chances are that the General Data Protection Regulation (GDPR) still pertains to your company. The regulation covers any entity that processes the personal data of EU citizens (referred to as “data subjects”), even if the organization does not provide goods or services to EU citizens and only handles or processes their data. Unless you are... Read More


Breach Preparedness: Don’t Wait Until it’s Too Late

Published by

“It’s not if, but when.” This phrase has become rote within the security community, where the unfortunate reality is that breaches are inevitable, regardless of an organization’s industry or size. In acknowledging that a determined attacker can almost always get in, the focus becomes detection and containment in addition to prevention. A strong security strategy shouldn’t just ensure that your organization is difficult to compromise—it should also include plans for threat detection and incident response that maximize opportunities to detect a compromise and minimize fallout in the event of a breach. Lay the Groundwork. By nature, incident response requires high... Read More


What to Expect from a Security Assessment

Published by

As information security becomes increasingly visible and accepted as a core business function, senior executives need to have a thorough understanding of the organization’s overall security posture as well as a way to identify areas needing improvement. A security assessment increases awareness and understanding of security issues, but more importantly, it helps key decision-makers make smart security investments by highlighting high-importance and high-payoff tasks to work on. Security assessments are not just hunting expeditions to find security weaknesses. A security assessment is a top-down analysis of existing security controls and processes. It provides an understanding of the status of each... Read More