Assume for a moment the following events happened within the past few days at ABC Company located in Anytown, USA: A kitchen fire on another floor in the building resulted in a building evacuation at 1pm on Monday The internet connection went down at headquarters at 8am on Tuesday A junior employee’s laptop, placed in an overhead bin, was stolen sometime during a late morning...
Read More
Cybersecurity has taken a center stage in the business world of the 21stcentury. As a majority of business and financial operations are conducted in the form of interactions between computer systems over the internet, the threats to business processes from sophisticated cyber-attacks are also increasing at an alarming rate. In such a scenario it becomes imperative for organizations to conduct professional cybersecurity assessments on a time-bound...
Read More
Just about every device nowadays is equipped with a wireless radio. This has made life easier for IT teams: Network cabling no longer needs to run to every desk, every system, or every printer. The conference room now has a Smart TV, a wireless sound system, and every employee and executive carries two, three, or even four wireless devices (laptop, phone, tablet, and smart watch)....
Read More
A hacked website represents a company that is not only closed for business, but also subject to potential finger-wagging in the media. As of 2019, every single website should be secured with an SSL certificate—at a minimum. There are more and more resources that offer free SSL certificates and the installation of these certificates is getting easier and easier to accomplish, even for the lay...
Read More
Security on the web is of paramount importance and it is clear: Compromised credentials are the principal vector of cyber-attacks. With breaches and compromises happening regularly, there is one easy way to vastly improve account and operational security: multi-factor authentication. The most common form of multi-factor authentication is two-factor authentication, a method of ensuring identity by requiring not just the traditional username and password but...
Read More
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FISMA – the Federal Information Security Modernization Act – requires that agencies authorize the information systems that they use. FedRAMP is FISMA for the cloud. The FedRAMP Policy Memo requires Federal Agencies to use FedRAMP when assessing,...
Read More
Information Security Risk Management, in simple terms, is an ongoing process through which risks related to the use of information technology are first identified and then addressed. To achieve this goal certain steps come into play starting with identifying the risks, then assessing them, followed by treating them depending on each organization’s resources. Treating security risks based on the organizations policy is the final objective...
Read More
The advancements made in technology are staggering. Consider this for a moment: We carry smartphones in our pockets that have considerably more computing power than was housed in entire buildings in the 1960s. Furthermore, our pocket-sized phones are mobile computing platforms with the power to not only make and receive worldwide calls wirelessly, they can browse the internet, stream music, take and edit high-resolution photographs...
Read More
Email has quickly become the preferred, as well as most efficient, way of transmitting written information across the office or across the globe. Ensuring the security and legitimacy of email continues to be a challenge, however. Emails can have selected components spoofed: from the content of the message appearing to come from an internal sender or a message may appear legitimate but is, in fact,...
Read More
Transport Layer Security is a cryptographic protocol used to provide communication security. TLS primarily provides privacy and data integrity between communication or internet connections. Connections secured by TLS should adhere to the following: Private Connection: Used to encrypt the data using symmetric cryptography. Keys for each connection are generated uniquely based on a shared secret during TLS handshake process. The Server/Client negotiate an encryption algorithm and...
Read More
