Using Effectiveness Assessments to Identify Quick Wins

June 23, 2020

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

Read

20 Tips for Certification Success

June 2, 2020

Over the years, it has been my experience that industry certifications have become standard for job consideration and/or advancement for many technical positions. This is, of course, in addition to having experience in the particular field. I obtained my first (modern-day) technical certification in 2014. It was the System Security Certified Practitioner (SSCP) offered by…

Read

Want Better Alerting? Consider Your Business Processes

May 19, 2020

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

Read

Vendor Enablement: Rethinking Third-Party Risk

April 30, 2020

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

Read

Payment Card Industry (PCI) – Recurring Requirements Require Attention!

April 28, 2020

There are certain items contained within the 12 PCI requirements that have to be performed based on defined frequencies. In my experience, companies sometimes struggle with adhering to some if not all of these items. There are a number of reasons that this might happen, whether it’s related to employee turnover, unfamiliarity with the items,…

Read

Understanding New York’s SHIELD Act

April 1, 2020

While General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) get a lot of attention, New York should not to be left out. In effect beginning on March 21, 2020, the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act (https://www.nysenate.gov/legislation/bills/2019/s5575) places additional security and privacy requirements on organizations that possess…

Read

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

March 25, 2020

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

Read

COVID-19 and Preparing for Changing Cybersecurity Risks

March 13, 2020

There is no denying that the COVID-19 pandemic is significantly impacting many people’s daily lives, with “social distancing” quickly being added to the social lexicon, schools closing, and events being canceled. Additionally, many businesses are rapidly moving to a remote and work from home model. While many organizations already have a large number of employees…

Read

Working With the Department of Defense in 2020? Start Planning for the New Certification.

November 5, 2019

In what is certain to be a wakeup call for many organizations involved in Department of Defense contracts, The Cybersecurity Maturity Model Certification (CMMC) is set to become a part of life in 2020. Much like previous requirements, the CMMC requirements will also apply to subcontractors, and all Requests for Proposal (RFPs) will require CMMC…

Read

The Three Step Security Strategy

October 8, 2019

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

Read
  • Browse by Category

  • Clear Form