How to keep the keys to the kingdom from escaping the kingdom.
Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria in all the major security frameworks. For example, consider these criteria from ISO 27001 and SOC 2, current as of the date of this writing:
ISO 27001 A9.4.2: Where required by the access […]
One of the biggest threats facing enterprises is an outsider plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals, where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls.
Shutting down unused ports is the traditional mitigation. Still this […]
Managing user access in the manufacturing environment, especially at the plant level, is tricky. Unique machinery and production requirements call for specific skills and infrastructure that may not be supported centrally by corporate managers. This means that many plants must operate as independent sub-businesses within a larger corporation. Thus, governance and control of critical plant infrastructure […]
When performing IT audits, the Principle of Least Privilege is a term you may hear thrown around quite a bit, but how many novice auditors new to IT audit actually understand what is implied by this within an IT environment? From my experience, not many.
The most common place I see the term surface is when assessing firewalls, but the same principle […]