Security on the web is of paramount importance and it is clear: Compromised credentials are the principal vector of cyber-attacks. With breaches and compromises happening regularly, there is one easy way to vastly improve account and operational security: multi-factor authentication. The most common form of multi-factor authentication is two-factor authentication, a method of ensuring identity by requiring not just the traditional username and password but...
Read More
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.FISMA – the Federal Information Security Modernization Act – requires that agencies authorize the information systems that they use. FedRAMP is FISMA for the cloud. The FedRAMP Policy Memo requires Federal Agencies to use FedRAMP when assessing,...
Read More
[vc_row][vc_column][vc_column_text]Information Security Risk Management, in simple terms, is an ongoing process through which risks related to the use of information technology are first identified and then addressed. To achieve this goal certain steps come into play starting with identifying the risks, then assessing them, followed by treating them depending on each organization’s resources. Treating security risks based on the organizations policy is the final objective...
Read More
The advancements made in technology are staggering. Consider this for a moment: We carry smartphones in our pockets that have considerably more computing power than was housed in entire buildings in the 1960s. Furthermore, our pocket-sized phones are mobile computing platforms with the power to not only make and receive worldwide calls wirelessly, they can browse the internet, stream music, take and edit high-resolution photographs...
Read More
Email has quickly become the preferred, as well as most efficient, way of transmitting written information across the office or across the globe. Ensuring the security and legitimacy of email continues to be a challenge, however. Emails can have selected components spoofed: from the content of the message appearing to come from an internal sender or a message may appear legitimate but is, in fact,...
Read More
[vc_row][vc_column][vc_column_text el_class="services_ulli_number"]Transport Layer Security is a cryptographic protocol used to provide communication security. TLS primarily provides privacy and data integrity between communication or internet connections. Connections secured by TLS should adhere to the following:Private Connection: Used to encrypt the data using symmetric cryptography. Keys for each connection are generated uniquely based on a shared secret during TLS handshake process. The Server/Client negotiate an encryption...
Read More
The cyber-security landscape is complex. Not only is there a need for strict adherence to compliance frameworks, but there is the need to compete in the marketplace and satisfy shareholders by bolstering security and staying out of the news by having the right teams and the right equipment in place. Oftentimes, though, the most discounted aspect that lays the foundation for cyber-security is the password....
Read More
Prevention: The cost to prevent an attack is far less than to fix or recover from it. Email has been the easiest and most convenient way to deliver a lethal payload. Security awareness and training focused on ransomware and social engineering should be provided periodically to end-users. An effective phishing campaign should also be rolled out to measure or quantify the effectiveness of administrative controls...
Read More Ransomware has become the most well-known threat among technical and non-technical end-users. The average technology user or employee in most organizations have learned about this threat through their cybersecurity and awareness training or maybe from the news. It is one of the top issues keeping CISOs and CIOs up at night and making senior executives and board members quite nervous. CISOs / CIOs are concerned...
Read More
As I mentioned earlier this week, employees are as much a part of the information security equation as your appliances and compliance frameworks in securing your company against cyber-attacks. It is therefore important to make sure they are aware of the security policies, procedures and best practices of the organization as well as the evolving risks and cyber threats surrounding them.Key Topics for Employee Training: 1)...
Read More