Canada Emergency Response Benefit (CERB) Fraud
September 13, 2020   |   Personal Thoughts

The Canada Emergency Response Benefit (CERB) is the financial support from the Government of Canada for Canadians who are directly affected by COVID-19. The Canada Revenue Agency (CRA) is responsible for managing applications and payments for the CERB to Canadians. As of August 30, 2020, the CRA received 24.

Common Controls Framework by Adobe
August 17, 2020   |   IT Compliance

There are several compliance frameworks these days that organizations have to implement for different reasons. I still see many organizations that struggle with all these frameworks. Each framework usually has an impressive set of objectives and controls. Does an organization have to process credit card information?

Multi-factor authentication with YubiKey
August 3, 2020   |   Information Security

Multi-factor authentication (MFA) is generally available these days with popular services, e.g., Facebook, Google, Amazon, etc. Even more traditional industries, such as banks, are slowly doing the same. A good mention here for my previous employer, a credit union, that implemented multi-factor authentication around 2019.

Master of Administration : Done!
February 10, 2020   |   Personal Thoughts

As always, I was not really active around for the last few months or even the last year. At least, I had a good reason this time. I was kind of busy writing my essay for the master’s degree. I began a graduate degree in September 2013 with a specialization in IT governance, audit, and security at Université de Sherbrooke.

Website Update & Hugo Framework
April 9, 2019   |   Personal Thoughts

Well, I should definitely work on my master’s essay but I thought it could be a good time to update my website. Again. Less than 2 months after the previous version… WordPress to Hugo Framework WordPress is certainly the most popular blog platform.

CISSP Certified and the Next Steps
February 1, 2019   |   Personal Thoughts

I finally obtained the Certified Information Systems Security Professional (CISSP) certification. It is definitely the most well-known certification in the information security industry and the one recommended for any professionals in this field. What is the CISSP? It is not necessarily the most technical or specialized certification.

Are You Outsourcing Your Security With a Cloud Application?
August 1, 2018   |   Information Security

You finally decided to use cloud services for your organization? Great! There are definitely many advantages. Your objective was also to outsource the security to the provider? Sorry, not quite. The security of your information will always be your own responsibility.

Keeper Security and Random Deactivation
May 30, 2018   |   Information Security

We trust cloud services to keep our data secure. But we don’t always think about the impact if the service has some downtime, and even less about a situation where the provider decides to disable the service.

Your Hosting Provider is PCI DSS Compliant and You?
April 5, 2018   |   IT Compliance

PCI DSS is probably one of the most misunderstood compliance obligations among IT professionals. It is in fact the Payment Card Industry Data Security Standard (PCI DSS) governed by the PCI Security Standards Council (PCI SSC) founded in 2006 by American Express, Discover Financial Services, JCB International, MasterCard and Visa.

Are You Really Receiving a Penetration Test Report?
February 22, 2018   |   Information Security

There are more and more organizations interested in a penetration test, or simply a “pentest”, on their infrastructure. However, there is a requirement for specific skills and this expertise is not often available within most organizations. It is also a good idea to have an external opinion, someone who will be impartial and doesn’t know too much about the current configuration.

Update: CISA Certification and Frequently Asked Questions
January 17, 2018   |   IT Compliance

In August 2014, I published a post about my experience with the CISA exam and the required experience. Even 3 years later, it is still the most popular post here and not so long ago, I was always seeing more requests after the exam dates.

Cloud Security with Object Storage
January 5, 2018   |   Information Security

Many cloud providers are often criticized for the security of their object storage services, even more so after the disclosures of private information that occurred in 2017 through these services. These security breaches also involved well-known organizations such as Verizon, Accenture, Booz Allen Hamilton, Viacom, National Security Agency, National Credit Federation, Australian Broadcasting Corporation, Department of Defense, Republican National Committee, etc.
