It’s been a bit more than ten years now since the security industry began calling attention to buggy software development practices. And despite the security industry’s best efforts, most software development companies continue to produce code with security flaws.
Archive for the ‘GLBA Compliance’ Category

Are you “at the mercy of your service provider”?
January 2, 2009
We received an email today from a credit union examiner in the eastern United States. We had the privilege of providing him a week of IT training earlier in the year through our relationship with NASCUS. He wrote, “So many of these small to medium size shops are at the mercy of the service provider and therefore rely on them for everything… what kind of detail should a vendor provide to the credit union about IT controls?”

Ask Employees, What is More Valuable?
November 30, 2008
The Office of Thrift Supervision (OTS) is the federal regulatory agency that oversees federally chartered thrifts (Savings and Loans). I presented to a terrific audience of examiners today, about 170, from the western United States. My topic was “Every Sociopath is Your Neighbor: An Overview of IT Risks in a Connected World.”
