Triaxiom Security
Partner with us to meet your Information Security needs.
18 Sep 2019

What Is The Ohio Data Protection Act?

On August 3, 2018, Governor John Kasich signed Senate Bill 220, also known as the “Ohio Data Protection Act.” Unfortunately, this caused some confusion for businesses operating in Ohio, so today, we will discuss the act and how it may apply to you. This act IS NOT meant to lay forth a minimum security requirement for businesses in Ohio. In fact, […]

16 Sep 2019

What is OSINT?

Conducting OSINT, or open source intelligence, operations refers to the act of gaining information about a target through “open sources.” This is data that is freely available on the Internet through things like search engines. Open source reconnaissance is a key part of any good penetration test, as it can provide useful information that is […]

13 Sep 2019

Usability vs. Security: The Age-Old Battle

One of the age-old battles in information security is balancing the trade-offs between usability vs. security. We recently had a conversation with a client where this was brought up as a concern for implementing security controls we were recommending. The client said, “sure I can lock down this website such that no IP can get […]

11 Sep 2019

Penetration Testing RFPs – Tips and Tricks

Penetration testing requests for proposals (RFPs) or requests for quotes (RFQs) can be a great way to bid on and potentially win penetration testing projects as a business. Many pen testing vendors rely on capturing business solely, or mostly, through RFP submissions. Most RFPs are for government entities such as local municipalities, state-run schools, […]

6 Sep 2019

What Can Go Wrong During a Physical Penetration Test

As with every type of penetration test we perform, our engineers are experienced and know how to balance the goal of giving you a realistic view of your vulnerabilities with the need to avoid business disruptions. However, just like other types of tests, as good as we may be, there can occasionally be problems that […]

4 Sep 2019

Spot a Vishing Attack – Helpful Tips

As we have previously discussed, a vishing attack is usually one of the most successful types of social engineering both in the wild and during engagements. Due to the nature of a vishing attack, many employees fall victim to simple variations because they are conducted over the phone and they aren’t as familiar with the […]

30 Aug 2019

Ransomware & The Importance of Offline Backups

In today’s blog, we are going to look at how ransomware works and why it necessitates the use of offline backups for your organization. Having audited hundreds of organizations, it is clear to me that most IT professionals are considering availability. It is very common for organizations to be taking regular backups and for these […]

28 Aug 2019

What is the South Carolina Insurance Data Security Act?

South Carolina became the first state to pass cyber security legislation for insurance companies in 2018. The South Carolina Insurance Data Security Act was passed on May 3rd, 2018 and was modeled after the NAIC Insurance Data Security Model Law. Today we will dive deeper into the law and try to understand the ramifications of […]

26 Aug 2019

HIPAA Compliance – Covered Entity vs. Business Associate

The path to HIPAA compliance is paved with many hurdles. One of the first issues most organizations encounter is identifying how HIPAA applies to them and whether they need to meet compliance. So in order to move forward and start applying the necessary controls to meet compliance, you’ve got to determine whether you are a […]

23 Aug 2019

Black Box vs. White Box Penetration Testing

In today’s blog, we are going to explore the concept of Black Box vs. White Box testing. There are a lot of terms thrown around when it comes to security, and it is easy to get confused, especially when different sources use different definitions for each term. Not to worry, we’ll explore black box, gray […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.