Continuing in our key security concept series, this blog will look at the CIA Triad. If you haven’t been following, check out the other blogs in this series on nonrepudiation and dual control. The CIA Triad is one of the most important concepts in information security, as it should drive the actions we take. This […]
Prior to stay at home orders from COVID-19, the 800 million active TikTok users (out of the over 1 billion subscribed users) spent an average of 52 minutes per day on the app. The average user on this social media platform is between the ages of 16-24, and with all these teens stuck at home […]
We are approaching the end of our series of blogs that touch on some important items that your organization should consider for each of the phases of the incident response process, including identification, eradication, and containment. This week we touch on the recovery process following an incident, once everything has been contained and eradicated. This […]
This blog is a continuation of our key security concept blog series. If you have not already, check out our first blog from this series, which discusses nonrepudiation. In today’s blog, we are going to look at another important, but rarely discussed concept, dual control. Simply put, dual control is defined as requiring two or […]
Perhaps the most important part of a penetration test, aside from the execution of the test, is the quality assurance or QA of the results and documentation. At the end of the day, the results and the final reports are what you are paying for with a penetration test. Technical Quality Assurance There is nothing […]
As we continue our series laying out some helpful initial checklists for small-medium sized businesses to better prepare for potential security incidents, we’re now moving into the latter half of the six phases of incident response with eradication. After you have contained a security incident and limited its ability to spread, you now have to […]
We’ve written previously about some helpful checklists for small-medium sized businesses about their incident response process in general and for the identification of potential security incidents more specifically. Today, we’re going to continue that train of thought through to the containment process with a security incident containment checklist. The overall process for incident response is […]
In light of the global pandemic caused by COVID-19, many companies are adapting to a new reality. For many organizations, that means that most, if not all, of their employees are working remote. This allows employees to adhere to social distancing guidelines while still being productive. While there are many distractions and challenges to overcome […]
In the cybersecurity world, there are acronyms for everything from certifications, tools, compliance requirements, and agencies. Today, we continue exploring the various agencies that exist and what they offer to the cybersecurity world with a deep dive on the Federal Financial Institutions Examination Council or “FFIEC“. FFIEC History The FFIEC was established on March 10, […]
One of the most common tests we perform for clients is an internal penetration test, designed to explore the vulnerabilities across a company’s internal networks. This testing emulates what an attacker that gained an initial foothold on the network could do or what kind of problems a malicious insider could cause, to put it briefly. […]
