Author Archives for Corey E. Thomas

Breach Preparedness: Don’t Wait Until it’s Too Late

“It’s not if, but when.” This phrase has become rote within the security community, where the unfortunate reality is that breaches are inevitable, regardless of an organization’s industry or size. In acknowledging that a determined attacker can almost always get in, the focus becomes detection and containment in addition to prevention. A strong security strategy shouldn’t just ensure that your organization is difficult to compromise—it should also include plans for threat detection and incident response that maximize opportunities to detect a compromise and minimize fallout in the event of a breach. Lay the Groundwork. By nature, incident response requires high...

What to Expect from a Security Assessment

As information security becomes increasingly visible and accepted as a core business function, senior executives need to have a thorough understanding of the organization’s overall security posture as well as a way to identify areas needing improvement. A security assessment increases awareness and understanding of security issues, but more importantly, it helps key decision-makers make smart security investments by highlighting high-importance and high-payoff tasks to work on. Security assessments are not just hunting expeditions to find security weaknesses. A security assessment is a top-down analysis of existing security controls and processes. It provides an understanding of the status of each...