Today when I sat down to work, I had a number of questions sitting in Twitter and Slack about a Wall St. Journal article covering a new national cybersecurity strategy focus on insecure software. The headline was "Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity." As a software security professional, I […]
In our first post on this topic, we introduced the Hierarchy of Security Needs and tied it to psychology and why we thought it fit nicely in a discussion of security maturity. The TL;DR of that post is that it is handy to have a model for how foundational a particular security tool, function, control […]
I never thought about writing a post like this, but I can't think of much else to do in this moment so ... here goes. Yesterday, another DFW entrepreneur pointed me to this heartbreaking post on LinkedIn sharing the news that Carri Craver passed away last weekend. I met Carri at a BigDOCC (Big D […]
At Jemurai, we understand that the thought of cyber attacks can be overwhelming and concerning. For over a decade, we’ve helped clients with Application Security, Penetration Testing, and other aspects of cybersecurity consulting. In that time, we created a tool called securityprogram.io (SPIO) where clients can manage their security program in a straightforward framework which […]
Jemurai is a developer-focused cybersecurity firm that aims to help client teams make pragmatic decisions about audits, code, infrastructure, and processes. After years of consulting engagements, we discovered that many start-up to mid-sized businesses needed an easier way to implement a security program not only to have a strong security posture but also to handle […]
A security standard is a framework that an organization can use to improve their cybersecurity posture. Each set of standards outlines techniques for protecting the cybersecurity environment of a user or organization, including networks, devices, software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. […]
Your organization’s security posture might have world-class policies and procedures in place, but that won’t matter if your staff doesn’t know how to adhere to them and implement them. All members of your staff should have security awareness training, as well as training around any specific policies that must be adhered to, and training around […]
A procedure documents, in operational detail, how to perform specific tasks to ensure adherence to and compliance with a cybersecurity policy. Some procedures may be explicitly related to security, such as how to reset a password. Others may be more general, such as requiring background checks during the hiring process. That is one reason these may […]
Security policies are documents that help to define expectations around security, ensuring the confidentiality, integrity, and availability of information and resources within an organization. They serve as a guiding landmark for navigating security. When thought of abstractly, policies can be considered as the “what” is going to be done. Once approved and implemented, security policies […]
Vendor management concerns all of the vendors, partners, or subcontractors your organization relies upon in order to operate. With the rise of remote working, your staff is probably leveraging a variety of digital tools to ease collaboration and communication. Your security posture is only as good as the security used by the vendors you partner […]
