Email has quickly become the preferred, as well as most efficient, way of transmitting written information across the office or across the globe. Ensuring the security and legitimacy of email continues to be a challenge, however. Emails can have selected components spoofed: from the content of the message appearing to come from an internal sender or a message may appear legitimate but is, in fact,...
Read More
Transport Layer Security is a cryptographic protocol used to provide communication security. TLS primarily provides privacy and data integrity between communication or internet connections. Connections secured by TLS should adhere to the following: Private Connection: Used to encrypt the data using symmetric cryptography. Keys for each connection are generated uniquely based on a shared secret during TLS handshake process. The Server/Client negotiate an encryption algorithm and...
Read More
The cyber-security landscape is complex. Not only is there a need for strict adherence to compliance frameworks, but there is the need to compete in the marketplace and satisfy shareholders by bolstering security and staying out of the news by having the right teams and the right equipment in place. Oftentimes, though, the most discounted aspect that lays the foundation for cyber-security is the password....
Read More
Prevention: The cost to prevent an attack is far less than to fix or recover from it. Email has been the easiest and most convenient way to deliver a lethal payload. Security awareness and training focused on ransomware and social engineering should be provided periodically to end-users. An effective phishing campaign should also be rolled out to measure or quantify the effectiveness of administrative controls...
Read More
Ransomware has become the most well-known threat among technical and non-technical end-users. The average technology user or employee in most organizations have learned about this threat through their cybersecurity and awareness training or maybe from the news. It is one of the top issues keeping CISOs and CIOs up at night and making senior executives and board members quite nervous. CISOs / CIOs are concerned...
Read More
As I mentioned earlier this week, employees are as much a part of the information security equation as your appliances and compliance frameworks in securing your company against cyber-attacks. It is therefore important to make sure they are aware of the security policies, procedures and best practices of the organization as well as the evolving risks and cyber threats surrounding them. Key Topics for Employee Training: Email...
Read More
While it is believed that the biggest threats to information security comes from outside sources, the most significant threats can originate from within your organization. One of the best ways to ensure company employees do not make costly errors concerning information security is to incorporate company-wide security-awareness training initiatives. These initiatives will give employees a solid understanding of security policies, procedures and best practices of...
Read More
To make good decisions, your business depends upon accurate and reliable information. If the integrity of that information is compromised, so is your business. This issue has risen to prominence recently with 'fake news' that has begun swirling around major politicians. Advances in artificial intelligence (AI) personas allows for the creation of chatbots that will soon be indistinguishable from humans. Attackers will soon be able to...
Read More
One component that is already being continuously emphasized in an increasing number of regulations, like PCI DSS, HIPAA, GLBA, FISMA, SOX, etc., is Risk Assessment. In the past few years, hackers around the world have proven that Information Systems are under serious and persistent threat, and organizations will have to take strict measures to ensure the security of their Information Systems. With increasing use of...
Read More
Information Security (InfoSec) infrastructure design is very similar to any other infrastructure design because you must have someone, or a team, involved in the overall, high-level design to ensure integrity and resilience. It is critical that this oversight be preserved throughout the design and maintenance of the infrastructure. Generally, we bring in the best and brightest architects to design our security infrastructure and unfortunately, once it...
Read More
