Building a security program for an organization can be overwhelming. If you don’t have anything in place for managing information security, you’re probably already behind the curve. Information security is quickly becoming a baseline requirement for organization’s of all sizes, from mom and pop shops to start-ups to Fortune 500s. Large organizations are being increasingly […]
Spoiler alert! In this blog, I will not be giving you a silver bullet for security or tell you the exact MFA solution you should use for your for small business. Rather, we will look at the key things you need to consider when purchasing and implementing multi-factor authentication (MFA). Before we get into the […]
As you might imagine, penetration testing is an extremely technical field that leverages state of the art technology and concepts. With that in mind, it is not always easy to describe a penetration test, what penetration testing consists of, and what they can achieve to non-technical individuals. This includes members of senior management, board members, […]
Regular penetration tests, unfortunately, do not guarantee you won’t be hacked. In fact, if a firm offers you any sort of guarantee with regards to the results and your susceptibility to a breach following an assessment, this should be a red flag. While we can’t give you a penetration test guarantee that you won’t be […]
As we’ve discussed previously, a host compliance audit is an assessment of the configuration of a particular system (workstation, server, or network device) or set of systems. The configuration settings are compared to published security standards, industry best practice, and the security engineer’s experiences to highlight potential vulnerabilities and misconfigurations that result in risks to […]
A host compliance audit is a type of security assessment that involves the manual inspection of a workstation, server, or network device by a trained security engineer in order to evaluate the configuration, hardening, and security controls applied to the target. Using a published best practice standard, like the Center for Internet Security (CIS) benchmarks, […]
