Application Security September 30, 2016 Pros and Cons of Building and Maintaining In-House Pen Testing Capability 4 min read - Security leaders must weigh the convenience and speed of in-house pen testing against the cost of maintaining a team to conduct security tests.
CISO August 22, 2016 Threat Modeling in the Enterprise, Part 3: Understanding the Context 3 min read - When evaluating overall risk in the context of threat modeling, it is important to identify the threat actors, their motivations and their capabilities.
CISO August 15, 2016 Threat Modeling in the Enterprise, Part 2: Understanding the Process 3 min read - The output of a carefully executed threat modeling exercise can be extremely valuable when informing your security control selection process.
CISO August 8, 2016 Threat Modeling in the Enterprise, Part 1: Understanding the Basics 5 min read - Threat modeling allows enterprises to manage risk more effectively and build a better understanding of the possible attack vectors.