Home/Tag: Cybersecurity Controls

Performing Effective User Access Reviews

Correcting mistakes that arise in the day-to-day management of access control.   Organizations can take many steps to manage access, such as adopting documented registration and de-registration processes, maintaining a list of service accounts, and segmenting networks. While all are effective ways of managing access, they occasionally fail.   For example, a step may be missed in the on-boarding process. A [...]

What Are Your Privacy KPIs?

Identifying and maintaining measures of success in privacy programs. The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs.  As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements.  One such area involves the governance of an ISO [...]

By |2020-01-23T19:24:19+00:00November 4th, 2019|ISO 27001 Compliance, Privacy Compliance|0 Comments

Managing an Organization’s Passwords

How to keep the keys to the kingdom from escaping the kingdom. Proper password management is a huge step that an organization can take to strengthen security. It also addresses multiple criteria for all the major security frameworks. For example, see examples from ISO 27001 and SOC 2 as of the date of this writing: ISO 27001 A9.4.2: Where required by [...]

Beyond Vulnerability Scans: Mitigating and Monitoring for Malware Leveraging C2 Systems

Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is limited to periodic vulnerability and compliance [...]

By |2020-01-17T21:17:50+00:00March 12th, 2019|Cyber Risk Management, IT Audit & Compliance|0 Comments