Tom Olzak, CISSP

Learn the 5 Steps in Business Continuity Planning

Business continuity planning is essential to make sure you stay in business! There are five phases to business continuity assurance: analyze your business, assess risks, develop a strategy and plan, test the plan, and manage the results. We’ll walk you through the steps here.

Logical/Technical Security Controls – Part 1

Logical controls, also called technical controls, are used to provide access to your organization’s data in a manner that conforms to management policies. This includes the enforcement of the principles of least privilege and separation of duties. This article looks at preventive logical controls, in both hardware and software.

Overview: Physical Security Controls Page 1

In this series, I examine the preventive and detective capabilities of various types of physical security controls, including biometrics, fences, locks, and data backups. In Part 1, I start with a description and purpose of physical controls, followed by a discussion of preventive safeguards.

Overview: Security Administrative Controls – Part 2

In Part 1 of this two-part series, I examined administrative controls that help prevent security incidents. In this article, I conclude our look at administrative controls by exploring controls designed to detect security incidents in progress or after they’ve occurred. (This article is updated content from the book “Just Enough Security.”)

Overview: Security Administrative Controls – Part 1

Access controls prevent unauthorized people from viewing or stealing information assets, and prevent employees from accessing sensitive information and systems not required for day-to-day tasks. They fall into three general categories: administrative, logical (technical), and physical. This is the first in a series of articles that examines preventive administrative access controls.

We begin with a definition and overview of security access controls.

(This article is updated content from the book “Just Enough Security.”)

Introduction to the Just Enough Security (JES) Method of Information Security – Part One Is An Overview Of The Program

Protecting sensitive information and critical systems is a balancing act, balancing constraints with operational effectiveness. This is the first in a series of articles that comprise an introduction to the Just Enough Security (JES) approach to information security. Application of the JES principles provides “reasonable and appropriate” protection for information assets.