Posts in This is Security
Applying Standards

In November 1999, Bruce Schneier famously wrote that “complexity is the worst enemy of security” in his essay titled, A Plea for Simplicity – you can’t secure what you don’t understand. Schneier’s principle is an adaptation of the linear algebra concept of an undetermined system, which is defined as a system that has more variables than equations. In such cases, the number of solutions can be infinite. When this concept is applied to information systems, the same holds true. If there are more unknowns than knowns, you will never be able to secure the system.

Read More
Supply Chain Security

Organizations can do all the right things in securing their environments but attacks against their IT supply chain can torpedo all their efforts. Vendor management, third-party management, supply chain management – whatever the term used – needs to be a staple of your organization’s cybersecurity program. 

Read More
Information Asset Management

In 1948, in his address to the House of Commons, Winston Churchill stated that “those who fail to learn from history are bound to repeat it.”  The context then, as it is today, provides an ominous warning that those who fail to learn from past mistakes are destined to make them again and again. On a daily basis the NJCCIC intakes reports of cybersecurity incidents from across the State while also studying incidents outside its purview for the purpose of learning from these “historical events” and improving the state of cybersecurity in New Jersey and beyond. 

Read More