Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Online File Sharing Posing Risks for SMBs
A recent Dark Reading article reported on a Symantec survey of small to medium-sized businesses and their file sharing practices. The survey was conducted by Applied Research in 2011, which spoke with decision makers at 1,325 SMB organizations worldwide with 5 to 500 employees.
Cyber Attacks on our Critical Infrastructure
A recent Dark Reading article (June 29): U.S. Critical Infrastructure Cyber Attack Reports Jump Dramatically.
Protecting Against Zero-Day Malware
Let’s talk a bit about advanced malware. Many folks we talk with feel they are doing well at protecting their network perimeter: they’ve got firewalls in place, anti-virus, IDS/IPS. The issue is that these are all signature-based solutions. They don’t protect against zero-day malware.
You cannot see what you do not have
In our incident response practice we see, time and time again, scenarios where long-term systemic malware resides in a seemingly secure environment for months at a time.
Importance of Doing a Risk Assessment
We often get calls to do diagnostic testing of some sort: vulnerability testing, penetration testing, web application testing. These are all very good and should be done at least annually, or more often if the environment is undergoing changes. But what about a cyber security risk assessment? Why do one, and what is the correlation between the risk assessment and the various forms of diagnostic testing?
Incident Response Readiness: Ready for a Breach?
Incident Response Readiness – Is your organization ready for a breach? Have you ever undergone a breach? Is there a breach going on right now? Or, ahem… have you undergone a breach and were not even aware that it occurred? Yikes…
Reasonable and Appropriate Data Security
Reasonable and Appropriate Data Security – The FTC recently (June 26, 2012) filed an interesting case against a well-known hotel chain. (Names omitted for the purposes of this blog.) Notice the similarities to the PCI DSS requirements.
PCI Security Standards Council Releases Point-To-Point Encryption (P2PE) Resources
The latest press release from the PCI Security Standards Council, dated June 28, 2012.
Security Awareness Training Is Required by PCI DSS
I often write about security awareness training, but it bears repeating periodically. Cyber security awareness training is required by some standards – the PCI DSS is pretty specific about requiring it. Security awareness training for the general employee population on at least an annual basis is a good idea, as is more technical training for IT staff and application developers.