Triaxiom Security
4 Oct 2019

What is the DHS Cyber Hunt and Incident Response Teams Act?

On September 24th, 2019, Senate Bill S.315 aka the “DHS Cyber Hunt and Incident Response Teams Act of 2019” was passed unanimously. The legislation seeks to amend the Homeland Security Act of 2002, authorizing DHS’ National Cybersecurity and Communications Integration Center (NCCIC) to permanently operate cyber hunt and incident response teams that can aid federal […]

2 Oct 2019

Cyber Security Awareness Month – 2019

In the spirit of kicking off Cyber Security Awareness Month, today we take a look back at useful tricks and tips to help improve your organization’s cyber security awareness. Remember, you are only as secure as your weakest link, which tends to be the people working in your organization. Password Management As you might expect, […]

30 Sep 2019

Why Data Flow Diagrams and Data Storage Inventories Are Important

For any organization, the first step in protecting your assets is understanding what you have. While most companies are pretty good at inventorying their physical assets (e.g. computers, devices, monitors), they are overlooking another critical asset they should be considering: their data. Understanding how sensitive data flows throughout your network, who has access to […]

27 Sep 2019

What is the Visa Merchant Servicer Self-Identification Program (MSSIP)?

What is the Visa Merchant Servicer Self-Identification Program (MSSIP) and how can I get my company included on the list? This is a great question and today we will explore what this is, the benefits for your company, and how you can get on the list. What is the Visa MSSIP? The Visa MSSIP was […]

25 Sep 2019

What’s the Difference Between an SAQ and a RoC?

In today’s blog, we are going to focus on PCI compliance. If you are being asked to show that you are handling credit card information appropriately and are compliant with the PCI Data Security Standard (DSS), there are two ways this can be done, a Self Assessment Questionnaire (SAQ) or a Report on Compliance (RoC). […]

23 Sep 2019

Tools For OSINT – The Top Four

We discussed last week that open source intelligence, or OSINT, is one of the most important phases of an assessment for a penetration tester. It is this part of a test where an engineer is gathering background information about an organization that is publicly available, ranging from the business they are in, to the types […]

20 Sep 2019

Using Two Accounts for Administrators

There is no question that administrators need an account with elevated permissions so they can effectively manage and care for the domain and users. For this blog, let’s call that account the “Superman” account. However, security best practice is increasingly calling for administrators to have a second account that they use to perform their daily […]

18 Sep 2019

What Is The Ohio Data Protection Act?

On August 3, 2018, Governor John Kasich signed Senate Bill 220, also known as the “Ohio Data Protection Act”. Unfortunately, this caused some confusion for businesses operating in Ohio, so today, we will discuss the act and how it may apply to you. This act IS NOT meant to lay forth a minimum security requirement for businesses in Ohio. In fact, […]

16 Sep 2019

What is OSINT?

Conducting OSINT, or open source intelligence, operations refers to the act of gaining information about a target through “open sources.” This is data that is freely available on the Internet through things like search engines. Open source reconnaissance is a key part of any good penetration test, as it can provide useful information that is […]

13 Sep 2019

Usability vs. Security: The Age-Old Battle

One of the age-old battles in information security is balancing the trade-offs between usability vs. security. We recently had a conversation with a client where this was brought up as a concern for implementing security controls we were recommending. The client said, “sure I can lock down this website such that no IP can get […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.