A few things to consider when choosing a consulting firm partner.
Identifying and maintaining measures of success in privacy programs.
The publication of ISO 27701 is an exciting development for all companies looking to enhance and potentially certify their privacy programs. As companies race to digest and implement the new standard, many questions arise around how to address some of its particular requirements. One such area involves the governance of an ISO 27701 […]
Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source.
Low level methods can accomplish this simply by creating […]
One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls.
Shutting down unused ports is the traditional mitigation. Still this […]
Most executives realize that information security (and cybersecurity) is a rising threat within their organization. This is the new normal in the digital economy. As result information security professionals that used to be viewed as technical practitioners are finding seats at the executive table and at with the board of directors.
The problem for most organizations trying to build an information security […]
They Petya Ransomeware outbreak is the second such global attack in the last couple of month. The malware is spreading using same Microsoft Windows vulnerability that was exploited by the recent WannaCry ransomware event.
Symantec confirmed that Petya uses the “Eternal Blue” exploit. Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but […]
Required Reading:
1) IoT Growing Faster Than the Ability to Defend it
2) DDoS on DYN Impacts Twitter, Spotify, Reddit
Until recently the security concerns associated with IoT devices have been mostly speculative. It’s easy to ignore how a webcam or a inexpensive gadget might be a cyber-security concern. Most people don’t think in terms of […]
The set of controls and conditions IT auditors look for during assessments of Wireless Access Points (WAPs) tends to vary auditor to auditor.
In some cases, the IT auditor may make great suggestions for controls I have not seen many organizations put into place while in other cases, the auditor might point out the […]
Sigcheck is a light weight Windows command-line utility that does an amazing job at scanning the digital certificate stores on your system for anything irregular and not part of the official Microsoft Trusted Root Certificate list.
Additionally, the utility will also check the digital signatures of files and identify all unsigned files in a directory while simultaneously running […]