Thu, Nov 1, 2018

Version Upgrades and Security/Privacy Downgrades: A Cautionary Tale

In a recently published article on Infosecurity Magazine, Alan Brill, Senior Managing Director in our Cyber Risk practice, explores the need for more careful security and privacy considerations when conducting version upgrades/downgrades.

An excerpt is provided below along with a link to the full article:

Somehow, upgrades, whether large or small, don’t receive the same attention as new systems, either from IT or from user management. Upgrades and changes feel like they are easier, and less likely to cause problems. That may be true, but they can also cause problems, many – perhaps most – of which are preventable, but they don’t get prevented. What can be done to avoid problems in security and control after an upgrade?

First, there has to be a recognition on the part of both functional and technology managers that changes and upgrades can cause issues that affect privacy, security, internal controls and auditability. Functions can be added, deleted or changed. Data can be added, dropped or handled differently. Log files can be modified or sometimes terminated.

Read the full article on
