One of the most common tests we perform for clients is an internal penetration test, designed to explore the vulnerabilities across a company’s internal networks. This testing emulates what an attacker that gained an initial foothold on the network could do or what kind of problems a malicious insider could cause, to put it briefly. […]
The Gramm-Leach-Bliley Act or GLBA is also known as the Financial Modernization Act of 1999. The GLBA requires companies defined under the law as “financial institutions” to ensure the security and confidentiality of consumer’s financial information. As part of its implementation of the GLBA, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires […]
Today, we look at 2 dangers of shared accounts. Many compliance requirements, for example PCI DSS, require users to have unique accounts and prohibits the use of shared accounts. However, rather than blindly complying with the requirement, let’s take a look at why this is important. First, shared accounts have shared passwords. In other words, […]
In today’s blog, we are going to take a look at a key concept in information security: nonrepudiation. Simply put, nonrepudiation is the assurance that someone cannot deny an action they took. This can apply to an email, for example. If the sender sends the message with a digital signature, this proves that the sender […]
Measuring the effectiveness of a penetration test is tough. Everyone has a different method to determine if a penetration test was “effective”. We recently completed an assessment for a client that came back with over 100 vulnerabilities. They had the exact same penetration test performed the prior year by a different firm and had less […]
In this blog, we’re going to do a quick review of PCI DSS Requirement 12.11 and provide some strategies for service providers who need to maintain PCI compliance. As you may have guessed from context clues in the first sentence of this blog, this requirement only applies to service providers and does not need to […]
