The Crucial Role of Data Center Resiliency in Business Security

September 8, 2022

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

Read

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

August 31, 2022

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

Read

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

January 13, 2022

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

Read

Real or Fake? How to Spoof Email

January 11, 2022

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

Read

Creating a Malicious Azure AD OAuth2 Application

October 12, 2021

THIS POST WAS WRITTEN BY @NYXGEEK I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples…

Read

Update: The Defensive Security Strategy

September 9, 2021

Original post:  https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advanced and changed, these massive exposures are continuing to occur. The question is why, and how, are they occurring? While common issues are often leveraged, the mentality around them is…

Read

Companies on High Alert for Unemployment Fraud

April 15, 2021

Proactive Measures to Thwart Unemployment Fraud In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult…

Read

How I Retained My QSA Certification

January 21, 2021

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

Read

Using Effectiveness Assessments to Identify Quick Wins

June 23, 2020

An organization’s overall security posture can be viewed from multiple different angles, such as technical assessments, program assessments, controls assessments, and risk assessments. A number of different frameworks for each of these assessment types exist, intended to help both technical teams as well as leadership organize security program building activities. Some of these include: Penetration…

Read

Want Better Alerting? Consider Your Business Processes

May 19, 2020

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

Read
  • Browse by Category

  • Clear Form