Post 2 — Proving Risk Reduction: How to Quantify Zero-Day Exposure When Patching Is Not Possible

In Part 1, we established a hard truth: when patching is not possible, risk does not disappear, it simply shifts. The vulnerability remains. Business dependency remains. The threat remains. What changes is how disciplined your response becomes. This is where many organizations fall short. They deploy compensatory controls, such as an IPS signature here, a...

Post 1 — When Patching Is Not an Option: Managing Zero-Day Risk Without Breaking the Business

1. Introduction: the day the patch answer fails

There’s a moment every experienced security team eventually faces. A zero-day is disclosed. The exploit is real. The system is exposed. And then someone asks the question that sounds routine—but isn’t: “When can we patch?” You pause. Because this time, patching isn’t possible. The application is legacy...

Part 2: Information Security Risk Management Approach

In the first part of this series, we explored the foundational elements of the risk management lifecycle as outlined by the ISO 27000 series of standards. We will now delve into the second phase: Risk Assessment. This critical step involves identifying, analysing, and evaluating risks to your organization's information assets.

1. Identifying Assets: The initial step...
