Why Risk Assessments are Essential for Information Security Maturity

May 4, 2023
By in Architecture Review, Business Risk Assessment, Program Assessment & Compliance, Program Maturity Assessment, Security Program Management

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk Assessment results. Organizations without any compliance obligations will still benefit from Risk Assessment as they are a key tool for efficiently increasing Information Security maturity and, more importantly, aligning Information Security with business needs and constraints. This…

Read

Cisco Hackery: TcL Proxy

April 6, 2023
By in Business Risk Assessment, Endpoint Hygiene Automation, Hardware Security Assessment, Penetration Testing, Security Testing & Analysis

Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…

Read

The First Steps on the Zero Trust Journey

February 3, 2023
By in Business Risk Assessment, Decision Making, Penetration Testing, Policy Development, Program Development, Security Program Assessment, Security Program Management, Vulnerability Assessment

One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls…

Read

The Crucial Role of Data Center Resiliency in Business Security

September 8, 2022
By in Architecture Review, Business Risk Assessment, Managed Services, Mergers & Acquisitions Security Assessment, Operational Performance Maturity Assessment, Privacy & GDPR Compliance Assessment, Security Program Management

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

Read

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

January 13, 2022
By in Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Testing & Analysis

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

Read

Real or Fake? How to Spoof Email

January 11, 2022
By in Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Incident Response & Forensics, Office 365 Security Assessment, Penetration Testing, Program Assessment & Compliance, Security Program Management, Security Testing & Analysis

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

Read

Reducing Merchant Scope to Ease the Compliance Burden

July 13, 2021
By in Business Risk Assessment, PCI Assessment, Policy Development, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

Read

The Backup Paradigm Shift: Moving Toward Attack Response Systems

June 15, 2021
By in Attack Path Effectiveness Review, Business Risk Assessment, Incident Response, Incident Response & Forensics, Malware Analysis, Program Assessment & Compliance, Security Program Assessment, Security Testing & Analysis, Virtual CISO

Black Hawk Down I’m guessing a lot of us in the IT and Security space have experienced the gut wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Read

Companies on High Alert for Unemployment Fraud

April 15, 2021
By in Business Risk Assessment, Decision Making, Security Program Assessment, Security Program Management, Social Engineering

Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult…

Read

Yes, It’s Time for a Security Gap Assessment

March 23, 2021
By in Attack Path Effectiveness Review, Business Risk Assessment, Managed Services, Operational Performance Maturity Assessment, Penetration Testing, Privacy & GDPR Compliance Assessment, Program Assessment & Compliance, Program Maturity Assessment, Security Program Assessment

For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…

Read

  • Search the blog

  • Search by Author

  • Browse by date

  • Browse by Category

  • Clear Form