Tag: Cybersecurity

How to Read a HITRUST Validated Assessment

Understanding the results of a HITRUST engagement and how to use them.

During your vendor due diligence process, a vendor sends you their HITRUST report. What exactly does this report tell you? How can you use this information to properly evaluate the vendor? In this blog, we will give a brief overview of the HITRUST CSF framework and then […]

March 4th, 2020 | HITRUST, IT Audit & Compliance | 0 Comments

So, you got a pentest. Now what?

How to progress toward a truly secure organization and infrastructure after penetration testing.

You did it – you paid for penetration testing services.

Whether it was to fulfill a potential client’s request, satisfy your interest, or be compliant with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in hand and next steps […]

December 9th, 2019 | Penetration Testing | 0 Comments

Past to Present – Lessons From the NotPetya Ransomware

And how they are still relevant today.

On a warm, sunny day in July 2017, one of the world’s most catastrophic and rampant demonstrations of ransomware began. Commonly referred to as NotPetya, the infection was released from a compromised software company located in Ukraine and quickly spread across the world. The outbreak impacted companies such as DHL, Mondelez International, and […]

November 25th, 2019 | Cyber Risk Management, Penetration Testing | 1 Comment

An Introduction to Active Defense

Global research and advisory firm Gartner forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

November 18th, 2019 | Cyber Risk Management, Penetration Testing | 0 Comments

If It Can Talk to Networks, It Can Walk Across Them

Why the Internet of Things is a penetration tester’s most valuable asset.

As technology moves at a seemingly exponential rate of growth and changes every day, more and more devices are being developed to contain additional “customer-savvy” features. Collectively termed the Internet of Things (IoT), this new wave of technology is vast. Where historically a system in question would be a server […]

October 21st, 2019 | Cyber Risk Management, Penetration Testing | 0 Comments

ISO 27001: Understanding Security Roles and Responsibilities and Why They Are Vital to the Success of Your Security Program

When building your Information Security Management System (ISMS) as part of ISO 27001 program implementation, one of the most important elements of the system of management for your security program is ensuring all stakeholders understand their roles and responsibilities. (If you are unfamiliar with ISO 27001 and the “ISMS” you can read our whitepaper on the ISO […]

Why You Need Penetration Testing

Capital One’s recent data breach is only the latest in the perennial series of high-profile data breaches that have occurred in the last few years. What do Equifax, Home Depot, Target, and others have in common? Great security programs with high-quality and competent people running them.

These companies experienced data breaches despite putting forth their best efforts and spending millions of dollars […]

August 15th, 2019 | Cyber Risk Management, Penetration Testing | 1 Comment

Vulnerability Management Makes it Harder for Hackers to Exploit Your Systems

From a penetration tester’s perspective, there are a few things that quickly indicate an organization’s maturity (and the likelihood our team will be able to exploit their environment). If any of these exist, the chance we will be able to successfully breach their environment increases:

Indicators a Hacker Can Breach Your Systems

Aging Infrastructure

One of the first things we do in a penetration […]

June 3rd, 2019 | Cyber Risk Management | 0 Comments

Understanding Phishing and How to Stop the Scam

Phishing is when a malicious individual uses email to impersonate a sender that an internal user would be familiar with, sometimes targeting highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source.

Low-level methods can accomplish this simply by creating […]

April 8th, 2019 | Cyber Risk Management | 0 Comments