The most recent content from our members.
Phishing and malware are scary enough, but the number one tactic used by bad actors to get access to and take over accounts is something different: using compromised credentials. Why? Because it’s so easy! Data breaches happen almost constantly, and credentials get leaked. At the same time, people are prone to reuse the…
The Center for Internet Security Critical Security Controls (CIS Controls) are prioritized Safeguards to mitigate the most prevalent cyber-attacks against systems and networks. CIS Controls Version 8 have been enhanced to keep up with modern systems and software. The update has been spurred on by issues such as the move to…
“Security? We don’t need no stinking security!” I’ve actually heard a CTO utter words to this effect. If you subscribe to a similar mindset, here are five ways you too can stink at information security. * Train once and never test Policy says you and your users need to be trained once a year, so once a year is good enough.…
In post #3 of this information security series, let's cover one of the essential components in an organization's defense strategy: their approach to patching systems. Everywhere an Attack When did you NOT see a ransomware attack or security breach story in the news? And when was weak patching not cited as one of the…
The first three blogs in this series were all about building a blueprint for a well-designed environment. In this article, we’ll review more practical considerations to influence the overall architecture and design of the ecosystem, which in turn require specific features and methodologies as dictated by the required data…
Where are you? Halfway through this 6-part series exploring a new reference model for IT infrastructure security! As you learned in earlier posts, this model breaks the security infrastructure landscape into four domains that each contain six categories. While today’s domain may seem simple, it is an area that I constantly…
Now that we all carry supercomputers complete with real-time GPS mapping in our pockets, a reference to physical maps may feel a bit antiquated. You know the ones I’m talking about; you can still find them at many malls or theme parks, and even some downtown city streets. It’s usually a backlit map on a pillar with a…
The Internet of Things (IoT) offers the promise of a more connected and efficient military, but Defense Department IT professionals are having a hard time turning that promise into reality. They’re deterred by the increasing demands and security vulnerabilities of more connected devices. That hasn’t stopped defense…
In my previous posts about Building a Culture of Data Protection (Overview, Development, Features, Expectations) I covered the background of building a culture. In this post, I'll be going over the Tools, People, and Roles I recommend to successful organizations. Tools Given the volume and complexity of modern data…
We've talked about building a culture, why it applies to all data environments, and some specific types of data protection features you should be considering. Today, we'll be considering the culture of protection the actual owners of the data (customers, employees, vendors, financial partners, etc.) expect from your…