One of the age-old battles in information security is balancing the trade-offs between usability vs. security. We recently had a conversation with a client where this was brought up as a concern for implementing security controls we were recommending. The client said, “sure I can lock down this website such that no IP can get […]
Penetration testing requests for proposals (RFPs) or requests for quotes (RFQs) can be a great way to bid on and potentially win penetration testing projects as a business. Many pen testing vendors rely on capturing business solely, or mostly, through RFP submissions. Most RFPs are for government entities such as local municipalities, state run schools, […]
One of the questions we often get when scoping out external penetration tests is “Can this testing be conducted after-hours or outside of regular business hours?” And while the answer is always “yes, we can do that,” some organizations aren’t aware of the trade-offs and risks here, so they may be signing up for a […]
As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that […]
As we have previously discussed, a vishing attack is usually one of the most successful types of social engineering both in the wild and during engagements. Due to the nature of a vishing attack, many employees fall victim to simple variations because they are conducted over the phone and they aren’t as familiar with the […]
In today’s blog, we are going to look at how ransomware works and why it necessitates the use of offline backups for your organization. Having audited hundreds of organizations, it is clear to me that most IT professionals are considering availability. It is very common for organizations to be taking regular backups and for these […]
South Carolina became the first state to pass cyber security legislation for insurance companies in 2018. The South Carolina Insurance Data Security Act was passed on May 3rd, 2018 and was modeled after the NAIC Insurance Data Security Model Law. Today we will dive deeper into the law and try to understand the ramifications of […]
The path to HIPAA compliance is paved with many hurdles. One of the first issues most organizations encounter is identifying how HIPAA applies to them and whether they need to meet compliance. So in order to move forward and start applying the necessary controls to meet compliance, you’ve got to determine whether you are a […]
In today’s blog, we are going to explore the concept of Black Box vs. White Box testing. There are a lot of terms thrown around when it comes to security, and it is easy to get confused, especially when different sources use different definitions for each term. Not to worry, we’ll explore black box, gray […]
One of the security services that Triaxiom Security offers is Incident Response assistance. We help an organization determine if a breach has occurred, what is the extent of that breach, was any sensitive data exfiltrated, and what was the initial point of compromise that allowed the breach. The scenarios that lead up to a full […]
