Tag: Information Security

Password Security

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names, and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically, the passwords will be cryptographically hashed. Hashing a password takes a string of any length (the password
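The excerpt above stops before it shows the hashing in practice. The following added example (not code from the original post) makes the strong-versus-weak comparison concrete: three constructed accounts are stored once as unsalted SHA-256 and once as salted scrypt, then a small constructed wordlist is run against both. Users, passwords, wordlist and the scrypt parameters are all assumptions chosen for the demo.

```python
import hashlib
import math
import os
import secrets
import string

# Everything below (users, passwords, the "leaked" wordlist) is constructed for this
# demo; none of it comes from the original post or a real breach.
LEAKED_WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2019", "welcome1"]


def fast_hash(password: str) -> str:
    """Unsalted SHA-256. Fast by design, so each attacker guess is just as cheap."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, memory-hard scrypt (n=2**14, r=8 needs about 16 MiB per guess).
    The per-user salt forces an attacker to redo every guess for every account."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def crack_fast(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Dictionary attack on unsalted hashes: hash each guess once, then look it up for
    all accounts at the same time. Returns (cracked, number of hash computations)."""
    table = {fast_hash(w): w for w in wordlist}
    cracked = {user: table[h] for user, h in stored.items() if h in table}
    return cracked, len(wordlist)


def crack_slow(stored: dict[str, tuple[bytes, bytes]], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """The same attack against salted scrypt: every (account, guess) pair costs one
    full scrypt computation. Returns (cracked, number of scrypt computations)."""
    cracked, work = {}, 0
    for user, (salt, digest) in stored.items():
        for guess in wordlist:
            work += 1
            if secrets.compare_digest(slow_hash(guess, salt), digest):
                cracked[user] = guess
                break
    return cracked, work


def guess_space_bits(password: str) -> float:
    """Naive strength estimate, log2(charset_size ** length). 'Summer2019' scores
    about 60 bits yet is cracked instantly because it is in every wordlist: length
    and character classes say nothing about whether a password is predictable."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    charset = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(charset) if charset else 0.0


def demo() -> dict:
    """Store three constructed accounts both ways and run the dictionary attack on each."""
    passwords = {"alice": "Summer2019", "bob": "password", "carol": "horse-staple-basalt-quartz"}
    fast_store = {u: fast_hash(p) for u, p in passwords.items()}
    slow_store = {}
    for u, p in passwords.items():
        salt = os.urandom(16)  # fresh random salt per account
        slow_store[u] = (salt, slow_hash(p, salt))
    fast_cracked, fast_work = crack_fast(fast_store, LEAKED_WORDLIST)
    slow_cracked, slow_work = crack_slow(slow_store, LEAKED_WORDLIST)
    return {
        "fast_cracked": fast_cracked, "fast_work": fast_work,
        "slow_cracked": slow_cracked, "slow_work": slow_work,
        "bits": {u: round(guess_space_bits(p), 1) for u, p in passwords.items()},
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two things to notice when running it: the two weak passwords fall in both schemes, so a slow, salted hash buys time but does not rescue a password that is on a wordlist; and the work count for the salted scheme grows with the number of accounts, while for the unsalted one it does not. The random passphrase survives both runs, and its cost to brute-force is set by its guess space, not by its length alone.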


HITRUST Nuances and How to Use Them to Your Advantage

The HITRUST CSF contains several attributes that differentiate it from other information security frameworks. Here are three tips on how to handle them!

The HITRUST Business Case

Many consider the HITRUST CSF to be one of the top cybersecurity frameworks for organizations to adopt. Although it was initially designed as


Landing a Job in Information Security

How can you start a career in information security? Here are 4 tips to land your first job!

The Key is to Stand Out

Information security is one of the fastest-growing job markets in the United States. Couple that with a worsening cybersecurity skills shortage, and it seems


Advice for Taking the CISA Exam (Updated)

Everything you need to know to pass with flying colors. As risk3sixty continues to grow, more members of our team will be taking the Certified Information Systems Auditor (CISA) exam to be the best security and compliance craftsmen for our clients. We have provided advice for taking the CISA exam


How to Create Effective Policies

How to leverage information security policies to level up your security program. People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, and then forget about it. But an information security policy that


What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs. The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise about addressing some of its particular requirements.


Understanding Phishing and How to Stop the Scam

Phishing is an attack in which a malicious individual uses email to impersonate a sender that an internal user already knows and trusts, in order to get that user to act on the attacker's behalf; when it is aimed at highly specific personnel it is called spear phishing. Attackers can do this by spoofing their email address to make it appear as though it is coming from
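The spoofing the excerpt describes leaves traces in the message headers, and that is where a mail gateway or a SOC triage script looks first. The following added example (not code from the original post) runs five header-level checks over two constructed messages: one that impersonates an internal executive and one that is legitimate. The internal domain `example.com`, the lookalike `examp1e.com`, the addresses and the `Authentication-Results` lines are all constructed for the demo.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for the demo: the organisation's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Digit-for-letter substitutions commonly used in lookalike domains.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})

# Constructed sample messages (not real captures). In the first one the display name
# carries the real internal address, the actual sender is a lookalike domain, the
# envelope sender is a third domain, replies are routed elsewhere, and SPF failed.
SUSPICIOUS = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "Pat Lee (CFO) pat.lee@example.com" <pat.lee@examp1e.com>
Reply-To: <invoices@example.org>
To: <alex@example.com>
Subject: Urgent wire transfer

Alex, please process the attached invoice today.
"""

LEGITIMATE = """\
Return-Path: <pat.lee@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Pat Lee" <pat.lee@example.com>
To: <alex@example.com>
Subject: Q3 budget

Alex, the updated budget is on the shared drive.
"""


def _domain(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def looks_like(domain: str, target: str) -> bool:
    """True if domain is a homoglyph variant of target (examp1e.com vs example.com)."""
    return domain != target and domain.translate(HOMOGLYPHS) == target


def phishing_indicators(raw: str, internal_domains=INTERNAL_DOMAINS) -> list[tuple[str, str]]:
    """Return (indicator, detail) pairs for header-level spoofing signs. An empty list
    is not a clean bill of health; these are cheap checks for a triage pipeline."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    findings = []

    # 1. Envelope sender (Return-Path) and header From disagree on domain.
    rp_domain = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    if rp_domain and rp_domain != from_domain:
        findings.append(("envelope-mismatch", f"Return-Path {rp_domain} vs From {from_domain}"))

    # 2. The receiving MTA recorded an SPF/DKIM/DMARC failure.
    auth = msg.get("Authentication-Results", "").lower()
    failed = [t for t in ("spf=fail", "dkim=fail", "dmarc=fail") if t in auth]
    if failed:
        findings.append(("auth-fail", ", ".join(failed)))

    for internal in internal_domains:
        # 3. Display name mentions an internal domain but the address is external.
        if internal in display.lower() and from_domain != internal:
            findings.append(("display-name-spoof", f"'{display}' sent from {from_domain}"))
        # 4. Sending domain is a lookalike of an internal domain.
        if looks_like(from_domain, internal):
            findings.append(("lookalike-domain", f"{from_domain} resembles {internal}"))

    # 5. Replies are routed to a different domain than the apparent sender.
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", f"Reply-To {reply_domain} vs From {from_domain}"))
    return findings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw))
```

The checks are deliberately independent so that each one can be weighted on its own: a single envelope mismatch is common with legitimate bulk senders, whereas an authentication failure combined with a lookalike domain and an internal address in the display name is a strong signal. Real deployments read `Authentication-Results` only from their own trusted MTA, since an attacker can insert that header too.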


Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises is an outsider plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals, where heavy use of computer systems is mixed with untrusted outsiders roaming the halls. Shutting down unused ports
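The excerpt stops at the first control it names, shutting down unused ports; the title names the second, port-based network access control (IEEE 802.1X). The following added configuration fragment (not from the original post) shows both on a Cisco IOS-style access switch: a user-facing jack that stays closed until a RADIUS server authenticates the device, and a range of unused jacks that are administratively disabled. The RADIUS address (from the documentation range), the interface names, VLAN number and the shared-secret placeholder are assumptions.

```text
! Global: enable AAA and point 802.1X authentication at a RADIUS server
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
radius server NAC-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! A patient-room wall jack: the port forwards only EAPOL until RADIUS says yes
interface GigabitEthernet1/0/5
 description Patient-room wall jack
 switchport mode access
 switchport access vlan 20
 authentication port-control auto
 dot1x pae authenticator
!
! Jacks with nothing behind them: take them out of service entirely
interface range GigabitEthernet1/0/40 - 48
 description Unused jacks
 shutdown
```

Before enforcing `authentication port-control auto` across a hospital floor, inventory what is plugged into each jack: printers, infusion pumps and other devices without an 802.1X supplicant will be locked out and need a separate policy (for example a MAC-based bypass to a restricted VLAN), otherwise the rollout gets reverted by the first outage.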


Thoughts on Building an Information Security Program that Sticks

Most executives realize that information security (and cybersecurity) risk is rising within their organization. This is the new normal in the digital economy. As a result, information security professionals who used to be viewed as technical practitioners are finding seats at the executive table and with the board of
