Author: Johna Till Johnson

For years, it seemed as though AT&T and Amazon viewed each other as competition. Despite depending on the network for its very existence, Amazon treated the network as a commodity: Users only needed cheapest-possible Internet services to connect to Amazon--including to its market-leading Amazon Web...

Executive Summary IT organizations are moving toward a risk-management approach to information security. But what does that mean, and how can infosec professionals actually implement such an approach? What does it mean to take a “risk-based” approach to security budgeting? Nemertes outlines our Business Risk Portfolio...

In our 2016/2017 Security and Risk Management Benchmark and Maturity Model, we highlighted a set of "bellwether technologies": Technologies that, we believed, would characterize the most sophisticated security organiztions. By and large, the technologies we selected were, in fact, considerably more likely to be deployed...

Unless you've been living under a rock for the past 8 years, you've been exposed to the concept of IoT. For enterprise organizations, it's a key component of Digital Transformation (DT), primarily because it enables companies to capture huge amounts of data. And "data has value" is one...

If you're active in the cybersecurity field, chances are you've seen, heard, talked about or experienced the paucity in trained cybersecurity professionals. Predictions vary, but Cisco estimates there will be a global skills shortfall of around 2 million by 2019; other estimates are even highter...

My morning cybersecurity alert scan uncovered this gem by CPA Joel Lanz on how to budget for cybersecurity. He makes a lot of excellent points. My favorite is being able to document that you've deployed, used, and benefitted from your previous investments in cybersecurity technology. Many...

I recently read an extremely provocative article on the topic of what information major providers--including Microsoft, McAfee, and others--are routinely capturing from their customers. Some of it may appear benign, and the article is focused on consumers, who bear the brunt of the information exposures. The companies...

Earlier this week I wrote about steps that infosec managers can take to protect enterprise organizations against ransomware. Today, I'd like to focus on the third of those steps: Employee education. A reminder: Ransomware isn't a trivial problem. A study by Kaspersky Labs found that 42% of...

There's a great recent piece in BankInfo Security on "the top four questions the board should ask the CISO". I like it because not only is it insightful, but it also serves as a fantastic advertisement for Nemertes' services. Lest anyone forget, we are in the business...

Most cybersecurity professionals worry that their security initiatives are not up to snuff. And they're probably right. Based on the Nemertes 2016/2017 Cybersecurity Benchmark and Maturity Model, for which we interviewed some of the best and most successful enterprise security firms in the world, many...