Saturday, April 25, 2015

2015-018: How can ITIL help you flesh out your infosec program?

When you're faced with major projects, or trying to understand why your IDS fails every day at the same time, there must be a way to work that out. And when you must do the yearly business continuity failover, you need a process-oriented framework to track changes and ensure they are committed in a sane, orderly manner.

ITIL is a completely versatile, flexible framework that scales with your organization. You can also use it with your software development lifecycle. You can use it to enhance major projects and security initiatives.

Tim Wood joins us for the second part of his interview. We discuss Change Management, Problem Management and making inter-departmental SLAs a reality for proper management of changes.


Tim Wood's Presentation: (view only)

Here is a new episode of Brakeing Down Security!

Friday, April 17, 2015

2015-017: History of ITIL, and integrating Security

Much of InfoSec and Compliance is all about processes, procedures, controls, audits, and the proper management of all of these. To do so, you need a proper framework to make these as seamless as possible. ITIL is one of these types of frameworks.

We introduce Mr. Tim Wood on the podcast, who has over 20 years of ITIL experience and began ITIL implementations in banks and healthcare systems in the United Kingdom. He currently works with different industries to change culture and make ITIL a reality.

This week, we go over the history of ITIL and its various incarnations from v1.0 to v3.0. You will quickly understand where security starts fitting into all those facets of the ITIL framework.


Tim Wood's Presentation: (view only)

Here is a new episode of Brakeing Down Security!

Monday, April 6, 2015

2015-016: Special Interview:

Special interview this week! On the heels of their uber-successful KickStarter campaign, we brought co-founder Ryan and one of the technical editors, Anthony, in to discuss what Cybrary is. We also discuss ways you can leverage it in your own business to get quality security awareness training, as well as train up your employees on infosec topics that can benefit your company and employees. You can find out more at

Here is a new episode of Brakeing Down Security!

Friday, April 3, 2015

2015-015: 2015 Verizon PCI report

It's that time of year again... when all the reports come out that show how various industries did over the last year.

Brakeing Down Security went over the results of the Verizon PCI report. Did companies do worse this year, or could they have actually improved? Listen to our analysis, what companies can do to learn from this, and how you can use this report to help get a leg up when your QSA comes calling.


Pay IRS using "Snapcard":


According to the US Internal Revenue Service (IRS), virtual currencies are treated as "Property":

Here is a new episode of Brakeing Down Security!