February 23, 2026
The landscape of cyber threats targeting the Department of Defense (DoD) is constantly evolving, demanding a paradigm shift in how we secure critical national …
Read Article
April 17, 2024
In the realm of cybersecurity, adherence to rigorous standards and best practices is paramount to safeguarding sensitive information and maintaining the …
Read Article
April 17, 2024
In an era of ever-evolving cyber threats, traditional security models are proving to be inadequate in safeguarding sensitive data and systems. Enter Zero Trust, …
Read Article
April 17, 2024
In the realm of cybersecurity, having the right tools and expertise is crucial for protecting organizations from evolving threats and ensuring robust defense …
Read Article
April 17, 2024
In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding sensitive …
Read Article
May 25, 2021
By Kathryn Daily, CISSP, CAP, RDRP Recently our regional grocery store chain notified their employees and customers that they had a data breach involving some …
Read Article
November 12, 2019
By Lon J. Berman, CISSP, RDRP Just when folks were beginning to get somewhat comfortable … or, at least, familiar … with the Risk Management Framework (RMF), …
Read Article
April 15, 2019
By Lon J. Berman CISSP, RDRP CNSSI 4009 defines Security Control Inheritance as “a situation in which an information system or application receives protection …
Read Article
April 5, 2019
"How much information is in a message?" Huh??? That sentence, in the context of typical use of those words (information & message), doesn't immediately make …
Read Article
July 13, 2017
This article was written by Lon Berman, CISSP, RDRP of BAI Information Security Step 6 of the Risk Management Framework (RMF) is entitled “Monitor Security …
Read Article
February 24, 2017
We knew this day was coming. On a long enough timeline, the survival rate for every algorithm drops to zero. Yes, I'm paraphrasing Tyler Durden. It's slightly …
Read Article
January 24, 2017
My time in the IT world is closer to three decades than two. And anyone else who has been around half as long can testify to the amount of change that has …
Read Article
September 16, 2016
By Kathryn M. Daily, CISSP of BAI Information Security In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls. …
Read Article
June 7, 2016
By Lon J. Berman, CISSP at BAI Information Security Let’s take a look at some strategies for reviewing the Security Control Baseline and creating “action plans” …
Read Article
June 1, 2016
By Kathryn M. Farrish, CISSP BAI Information Security Security Control Inheritance is one of the most powerful tools available to facilitate the RMF process. …
Read Article
April 27, 2016
Apple uses a variety of scans for wireless LAN/physical location information. There are Preferred Network Offload (PNO) Scans, Enhanced Preferred Network …
Read Article
March 11, 2016
I recently had a client who had a Security+ certification that was about to expire and he asked me a question that I wanted to share with our readers. If my …
Read Article
February 18, 2016
With all the renewed furor over the government attempting to force Apple to backdoor iOS devices so the FBI can inspect the phone of the San Bernardino …
Read Article
January 19, 2016
In this post Colin explores password entropy and what it means in terms of password strength.
Read Article
November 23, 2015
Article by Kathryn Farrish, CISSP Imagine this dialog between Edward, a System Owner, and Christine, his Information System Security Manager (ISSM): Edward …
Read Article
November 16, 2015
I just finished reading Bruce Schneier’s blog entry, titled "The Doxing Trend". Let me start by writing that I am usually a big fan of Mr. Schneier. I look …
Read Article
July 15, 2015
By Annette Leonard Many information security incidents are newsworthy, especially when they involve compromise of personal, financial and/or medical …
Read Article
June 23, 2015
We have just added a course date for the Information Security Continuous Monitoring training that is coming up this fall (September 22 - 24, 2015). Information …
Read Article
March 13, 2015
By Lon J. Berman, CISSP The Beatles were comprised of how many musicians? Easy, right? They were called the “Fab Four”, so there were definitely 4. Now Google …
Read Article
February 1, 2015
In this post Colin walks you through getting Nvidia CUDA support enabled on your OS X device and illustrates the basics of how to use it with pyrit and cpyrit.
Read Article
January 27, 2015
By Lon Berman, CISSP No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic …
Read Article
November 13, 2014
By Lon J. Berman, CISSP of BAI, Inc. In this issue’s “Spotlight”, we’re not going to focus on any specific controls or families, but rather on a comparison of …
Read Article
July 21, 2014
By Kathryn M. Farrish, CISSP BAI Consulting Under RMF, NIST SP 800-53 is the primary source for security controls. If we compare these controls to the DoDI …
Read Article
May 9, 2014
We are getting excited about our upcoming Offensive Wifi and Mitigation Techniques class. Gear has started to arrive! Check out these Mark V Pineapples that …
Read Article
April 16, 2014
A deadline for federal agencies to adhere to the government’s baseline cloud security standards and changes to the standards themselves are coming up very soon. …
Read Article
April 7, 2014
by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT …
Read Article
October 2, 2012
In this post Colin discusses issues the Path MTU discovery (PMTUD) and its implications on networking with IPv6.
Read Article
December 30, 2011
The effectiveness of Security through Obscurity is closely related to the knowledge (or lack thereof) of the attacker. If someone is unaware of how a particular …
Read Article
May 20, 2011
I wrote this post several years ago. By writing it I was trying to get people to begin to think about how the size of the IPv6 address space, when combined with …
Read Article
May 9, 2011
Exploring the practical feasibility of ping sweeping IPv6 networks. Includes a spreadsheet for determining how long it will take to sweep your own network.
Read Article