Knowledge from our cybersecurity and risk management experts | cybersecurity plan

No, Your IT Team Shouldn’t Manage Your Cybersecurity

Posted by Lindy Trout on Feb 26, 2020 11:21:04 AM

If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.

Read More

0 Comments Click here to read/write comments

Topics: Cybersecurity, Network Security, Information Security, Data Security, Data Ownership, Incident Response, cybersecurity plan

External VPN with RDP Access - Should you do it?

Posted by Kaitlin Jones on Jan 22, 2020 10:30:14 AM

You’re sitting on your couch at home, it’s 8:00 on a Saturday night and one of your interns emails you about a new security vulnerability he just heard about on the latest and greatest podcast. You know that this new vulnerability is going to be the first thing to come up during the morning water cooler talk Monday morning. It’s time for you, the great server admin, to take flight and protect your kin!

Read More

0 Comments Click here to read/write comments

Topics: Cybersecurity, Network Security, HIPAA, Information Security, Data Security, cybersecurity plan

Getting Ready for CMMC – Capability Maturity Model Certification

Posted by Brandon Blankenship on Dec 20, 2019 6:45:00 AM

If you’re in the Department of Defense supply chain, you’ve become familiar with DFARS and the corresponding NIST SP 800-171 r1 over the last few years. It is a list of 110 controls that you need to be compliant with in order to continue supplying certain contracts.

Read More

0 Comments Click here to read/write comments

Topics: Cybersecurity, Information Security, DFARS, cybersecurity plan, NIST

Network Segmentation and Why It Matters

Posted by Zach Zaffis on May 20, 2019 11:37:00 AM

Let’s take a look at an often under-utilized aspect of network topology in the small to medium business realm: that’s right, a networking article. But before you run off, what if I told you you could increase performance and lower your production down time with equipment you (might) already have!?

Read More

0 Comments Click here to read/write comments

Topics: Cybersecurity, Network Security, consumer security, Data Security, Data Protection, security incident handling, cybersecurity plan

Cybersecurity: Real vs. Checking the Box

Posted by Brandon Blankenship on Feb 28, 2019 3:38:00 PM

The reason we wear our seat belts is not to avoid getting a ticket from the police, but rather to avoid a potential injury in a car accident. This analogy is an easy way to describe the difference between box-checking security and real security, and it's instantly understood regardless of technical knowledge. This message resonates with executives, because they typically prefer to “get to the point” and correctly protecting their data is “the point” of cybersecurity.

Read More

0 Comments Click here to read/write comments

Topics: HIPAA, Information Security, consumer security, Data Security, Data Protection, Vulnerability Assessment, it risk assessment, DFARS, cybersecurity plan, NIST

All posts Next