We implement controls to prevent security incidents. Despite these efforts, Information Security Incidents occur. These incidents can be caused by both internal and external factors and can be unintended or intentional. There are generally four stages in the incident life cycle: Preparation – To prepare, we work to prevent Read more…
Every year in October, we observe Cybersecurity Awareness Month. Many companies leverage this opportunity to provide additional training and other valuable resources to protect their information and continue to create a culture of awareness. As you consider how to educate yourself and your workforce, think about the current threats Read more…
I am considering using AI in my information security controls. How can it help? Last month, we discussed some of the basics around how to protect and make available information generated from AI in Information Security. This month, we would like to dive deeper into how it can be Read more…
I am considering using AI in my business. What basic cybersecurity components should I factor into my decision? Artificial Intelligence has become a hot topic recently. The basic concept of Artificial Intelligence is that it uses computers and automated methods to perform problem solving and decision-making skills typically performed by Read more…
Documentation is one of the least favorite activities in IT. It always seems to get prioritized down in lieu of other more critical and current activities. However, in the process of establishing a strong cybersecurity posture, one of the key documents that should be created and maintained is a Network Read more…
Confidential electronic information can be stored in photo copiers, multi-function output devices, tablets, laptops, desktop workstations, and a wide array of electronic devices and media. In some instances, it may not be readily apparent to the user that confidential information is there. Consider the steps that you and your company Read more…
The processes around the assignment and establishment of rights is generally a four step process. Additionally, parallels can be drawn between the assignment and management of logical and physical rights and entitlements. The following process map demonstrates the steps involved in the assignment and management of these rights: Take note Read more…
The HR department may not be the first group that comes to mind when the Information Security topic surfaces. However, Human Resources plays a significant role in the protection of sensitive information in all stages of an employment life-cycle. Typically, Human Resources’ activities related to Information Security are categorized in Read more…
What is a Denial of Service Attack (DoS)? A denial of service attack occurs when a malicious individual or element attempts or is successful at blocking access to a workstation, server, internal network, Internet, or other infrastructure services making those resources unavailable to one or multiple users. The Read more…
In the past, have you worked with third-parties and other third-parties that maintained a set or subset of your data? Is it possible that prior third-parties had hardware that was owned by your company? Is it possible that there were network or other communication connections between you and your Read more…