When going through one of our security gap analyses, we are often asked to clarify why the interviewee is being asked if they have an asset inventory in place. Asset inventories are more than just a spreadsheet to track your hardware. According to the HIPAA Security Rule Crosswalk to NIST, managing assets enables “the organization to […]
How do I fill out a vendor security assessment questionnaire? As company’s are beginning to become more security focused and realize that suppliers/vendors represent potential security threats, we are constantly being asked how to fill out a supplier assessment related to information security. While we think this is great for the security industry, it often […]
Host compliance audits are known by a lot of different names. Configuration reviews, security reviews, configuration audits, and host checks are just a few names I’ve heard tossed around to describe a review of the level of security of a workstation/server/device. This is done by using a combination of a best practice standard and a […]
On September 8th, 2018, Marriott received an alert from an internal security tool in what would be the start of one of the worst data breaches of 2018. After disclosing the breach, which affected approximately 383 million victims, shares fell 5.6% and Marriott is now facing a class-action lawsuit. Although it is too soon to […]
According to a survey conducted by Wombat Security, 76% of companies in 2017 experienced phishing attacks. Not only that, but social engineering is the most prevalent way an organization gets breached. Think about it, you probably spend a lot of time and money shoring up your perimeter security posture. You are diligent about ensuring systems are patched and up-to-date, […]
Most of the folks looking for penetration testing or information security consulting try and choose a firm that they feel meets their needs the best. One of the ways that prospective clients may do this is by looking for a particular firm that claims to specialize in their industry or vertical. And we’ve even seen […]
Is there such thing as an “approved” penetration testing company? This is something we get asked quite often. Unfortunately, there is no overall industry accreditation that is required for firms to be able to conduct penetration testing. There are, however, certain designations that firms can receive for certain types of audits that may require penetration […]
The scope of a penetration test is one of the most important parameters that will define whether the test meets your expectation. The scope of an assessment is usually comprised of a detailed listing of targets. The scope of a penetration test may be represented by the number of systems that are to be tested, […]
The United States government now has an official cybersecurity agency with the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill that Trump signed into law on November 16th, 2018 changes the National Protection and Programs Directorate (NPPD) into a standalone agency, moving it out from under the Department of Homeland Security (DHS). […]
It’s hard to believe we are closing in on the end of 2018. We want to take this time to reflect with a look back at the 2018 cybersecurity year in review, and a look ahead to what next year may hold. Key Themes Continued Improvement, But Still Not Enough While firms are starting to […]
