Want Better Alerting? Consider Your Business Processes

May 19, 2020

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

Read

Vendor Enablement: Rethinking Third-Party Risk

April 30, 2020

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

Crossover Sec: Breaking Down the Silos

March 24, 2020

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had…

Read

Why We Are Launching the TrustedSec Sysmon Community Guide

February 6, 2020

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

Read

The Three Step Security Strategy

October 8, 2019

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

Read

Attacks on the Rise Through Office 365

September 17, 2019

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

Read
security risk graphic

Top Six Security and Risk Management Questions

March 12, 2019

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…

Read
blog icon header

Current Security Trends in 2019

February 7, 2019

As the information security industry continues to mature, several things have changed, but many of the fundamental issues remain—even in the face of new technologies, threats, and regulations. Understanding and responding to current trends provides the opportunity for security and risk management leaders to better improve security, increase resiliency, and support the business. With renowned…

Read
checkmark graphic

Few cons to bringing in the pros: Why should you have a third-party risk and security assessment?

January 10, 2019

At TrustedSec, we get about 400-500 inquiries for security assessments every year.  Some of the questions we still hear quite often are: Why does our company need to do a risk and security assessment? Why can’t we just do it ourselves? We already know we’re terrible—why do we need you to tell us that? There…

Read
  • Browse by Category

  • Clear Form