Strength Training With Transport Cryptology: Part 2

March 30, 2021

In part 1 of this blog series, we explored objective standards for evaluating application cipher suites using the National Institute of Standards and Technology (NIST) standard. Reviewing that is not required to continue here. For those of us lucky enough to apply cryptology within a Payment Card Industry (PCI) context, this part is for you….

Strength Training With Transport Cryptology: Part 1

March 30, 2021

I have a pretty good gig. I get to see the unique security approaches of dozens of companies every year. Sometimes the things we discuss come up so frequently, they should probably be shared…anonymously, of course. Frequently, folks are tasked with fixing insecure transport security. This is often due to test results from: Introducing new…

Yes, It’s Time for a Security Gap Assessment

March 23, 2021

For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…

TrustedSec Approved as a CMMC Registered Provider Organization!

February 25, 2021

TrustedSec has been approved by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (https://www.cmmcab.org/) as a Registered Provider Organization. In line with our mission of increasing the security posture of organizations around the world, TrustedSec is pleased to be a part of the program aimed at improving and ensuring the security maturity of the Defense…

CMMC Small Business Funding Roundup

February 23, 2021

TrustedSec works with clients of all sizes on Cybersecurity Maturity Model Certification (CMMC) readiness engagements, but recently we’ve received a few questions on how smaller organizations can help to offset some of the costs related to CMMC compliance. There are three (3) typical paths for small organizations to obtain financial assistance regarding CMMC activities. We…

How I Retained My QSA Certification

January 21, 2021

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

Nine Things to Know About the CMMC

November 10, 2020

The Cybersecurity Maturity Model Certification (CMMC) (https://www.acq.osd.mil/cmmc/) is a program being developed to help ensure that specific types of unclassified data that exist outside of government systems remain adequately protected. Specifically, the CMMC applies to Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-government systems. Eventually, this certification program will replace the process…

Fear, Cybersecurity, and Right to Repair

November 5, 2020

Massachusetts is the latest state to grapple with Right to Repair legislation. A ballot question in the 2020 election asked the state’s voters to decide whether or not automobile manufacturers must make the telematics data collected by cars’ on-board computers available to independent repair shops. What seems like a debate over who can access the…

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1

October 27, 2020

They say, “Everything old is new again.” Or, if you are a Game of Thrones fan, “What is dead may never die.” For me, however, a mentor once told me, “Everyone is going forward. I’m going backward.” Enter NetSync… I find Twitter to be a good source for InfoSec tactics, techniques, and procedures (TTPs). Anytime…

The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2

October 27, 2020

This is a continuation of The Tale of the Lost, but not Forgotten, Undocumented NetSync (part 1) and in this section, we will look to answer: What are Some Early Indicators to Detect NetSync at the Host-based Level? What are Some Possible Controls to Deter NetSync? In an accompanying blog post, Are You Seeing What…
