infoedge blog

Insights, information and viewpoints from an infoedge perspective.

Steven Zafonte

Recent Posts

Comparing the ROI of Cybercrime and Effective Responses: Part 2 - Understanding the tradeoffs and making the best choices.

Posted by Steven Zafonte on May 10, 2019 9:26:00 AM
In Part 1, we saw the data shows that cybercriminals are heavily influenced by the rules of economics.
What does this mean for IT governance and policy?
Read More

Topics: cybersecurity, GRC

Criminal Actions and Motivations, the ROI of Cybercrime: Part 1 - Three Reference Scenarios

Posted by Steven Zafonte on May 2, 2019 9:39:13 AM

Symantec just released its 2019 Internet Security Threat Report (ISTR). It is largely a comparison of malware trends and cybercriminal activity over the last 1-3 years. A quick look into the data reveals that many of the report’s findings are aimed at the end user or environments with a small IT footprint. Despite this, there are valuable insights can be taken from it about enterprise IT governance and IT risk modeling. This two-part series talks about the economic motivations of cybercriminals and how their actions change as a result. It then talks about how these should influence your IT risk modeling efforts.

Read More

Topics: cybersecurity, GRC

Incorporating an MSSP into your Information Security Program: A Tactical and a Strategic POV - part 2

Posted by Steven Zafonte on Oct 11, 2018 9:30:00 AM


Read More

Topics: data protection, digital security, cybersecurity, threat intelligence

Incorporating an MSSP into your information security program: A Tactical and a Strategic POV - part 1

Posted by Steven Zafonte on Sep 14, 2018 11:30:00 AM

Whether you are just evolving an information security program, or are redesigning from the ground up, one pivotal question you should be asking is: “Should I be incorporating a Managed Security Services Provider (MSSP)?” There are a great many strengths to this approach, and it can enhance your team in many ways, including:

Read More

Topics: data protection, cybersecurity, threat intelligence