Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Nice Infrastructure…. Mind If I Borrow it??
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable to detect and prevent these attacks. (more…)
privacyrights.org
If you’ve never checked out http://www.privacyrights.org, I would encourage you to do so. It’s a listing of all breaches made public from 2005 up to the present, in reverse chronological order. They collect the information from a variety of sources.
You can filter your search by checking/un-checking various boxes on the following: (more…)
Top (Application) Development (Information Security) Mistakes to Avoid
From Veracode and industry experts
PCI Compliance – 96% of victims subject to PCI DSS had not achieved compliance
I’m going to refer to something else from a previous blog post, the one about Verizon’s 2012 Data Breach Report, regarding PCI Compliance.
Verizon 2012 Data Breach Report
If you haven’t read the Verizon 2012 Data Breach Report, you may want to check it out. It contains a wealth of information on what’s going on in information security breaches. Here’s a link: (more…)
Security Worm Targets Design Documents
I thought this was an interesting article out of Dark Reading lately – “AutoCAD Worm Targets Design Documents in Possible Espionage Campaign”. (more…)
Security awareness training is more important than ever.
Can’t state it often enough – Cyber security awareness training is more important than ever. Many of the incidents we respond to are caused by malware being downloaded by users. Once it’s in your network, it’s only going to propagate. It’s like a bad roach infestation. (more…)
HIPAA Security Rule and Fines
Maintaining HIPAA compliance used to not have much teeth behind it. Times have changed, however, as the Alaska Department of Health and Social Services (DHSS) is all too well aware. (more…)
PCI Compliance Guidelines: Locking Down Firewall Rules for Active Directory Replication
We all know Windows Active Directory is a great solution to centrally manage users and computers. (more…)