Cyber Risk Management Archives

Why You Should Consider an Intangible Asset Inventory (and the Risks of Not Having One)

IT security professionals can get caught up in the physical asset world. But what intangible assets should we be tracking?

An important part of IT security is maintaining an asset inventory. The inventory should document owners, data classification and other pertinent information. Consider cost and metrics associated with the asset’s lifetime. A physical asset inventory enables an IT department to have security […]

Sawyer Miller2020-03-26T13:04:51+00:00Cyber Risk Management, ISO 27001 Compliance|0 Comments

Coronavirus: A Test Of Global Resiliency

Over the last few days, we have had dozens of clients ask our team for insight into how other clients are reacting to the recent Coronavirus (COVID-19) pandemic. As a matter of information sharing, we thought it might be useful to summarize how your peers in the market are reacting. Hopefully this information can be used to inform your own decision-making […]

Glenn Chamberlain2020-03-23T12:33:25+00:00CISO Discussions, Cyber Risk Management|0 Comments

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control.

Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While […]

Kendall Morris2020-01-23T21:18:57+00:00Cyber Risk Management, IT Audit & Compliance, Regulatory Compliance|2 Comments

How to Create Effective Policies

How to leverage information security policies into leveling up your security program.

People often regard information security policy as a “check-the-box” compliance initiative. Many organizations will copy a policy template, make small revisions applicable to their context, […]

Kendall Morris2020-01-24T13:42:36+00:00CISO Discussions, Cyber Risk Management, ISO 27001 Compliance, IT Audit & Compliance, SOC Reporting|1 Comment

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today.

On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]

Asher Andree2020-01-23T19:22:30+00:00Cyber Risk Management, Penetration Testing|1 Comment

An Introduction to Active Defense

Global research and advisory firm, Gartner, forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

Shane Peden2020-01-31T01:10:36+00:00Cyber Risk Management, Penetration Testing|0 Comments

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom.

Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing:

ISO 27001 A9.4.2: Where required by the access […]

Kendall Morris2020-01-23T16:17:32+00:00Cyber Risk Management, ISO 27001 Compliance, IT Audit & Compliance, Penetration Testing|0 Comments

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset.

As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]

Asher Andree2020-01-17T21:16:57+00:00Cyber Risk Management, Penetration Testing|0 Comments

ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program

When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS” you can read our whitepaper on the ISO […]

Christian Hyatt2020-01-17T21:17:01+00:00CISO Discussions, Cyber Risk Management, ISO 27001 Compliance|0 Comments

Why You Need Penetration Testing

Capital One’s recent data breach is only the latest in the perennial series of high-profile data breaches that have occurred in the last few years. What do Equifax, Home Depot, Target, and others have in common? Great security programs with high-quality and competent people running them.

These companies experienced data breaches despite putting forth their best efforts and spending millions of dollars […]

Christian Hyatt2020-01-17T21:17:01+00:00Cyber Risk Management, Penetration Testing|1 Comment