Introduction In an era of escalating cybersecurity threats, proactive defense measures are essential to protect an organization’s systems and data. Penetration testing, or ethical hacking, plays a crucial role in identifying and addressing security vulnerabilities before malicious actors can exploit them. This briefing highlights the significance of penetration testing, with Read more…
In the not-too-distant past, our primary method for sharing files was to exchange a USB Drive, SD card, or email. All these mediums have various limitations and vulnerabilities. Specifically, malicious actors use these vehicles to transmit malevolent code and, in most cases, the media on which the data is stored Read more…
Now that risk is identified, how do we address it? In information security, new risks surface daily. These new risks are the result of the evolving threat landscape, implementation of new technologies, changes in regulatory requirements, and potential for human error. In principle, there are six methods (treatments) to address Read more…
If we would like to establish effective security controls to protect our information assets, we should first start by classifying those assets. Like the controls in place to protect the information, the respective classification follows a process where we evaluate the degree of necessary confidentiality, integrity, and availability of the Read more…
What is vulnerability scanning? Vulnerability scanning is the process of examining external and internal attack surfaces to identify weaknesses that will be exploited by malicious actors who attempt to infiltrate an organization’s systems, data, network, infrastructure, web page, or application. What is meant by “weaknesses”? Given the complexities of information Read more…
The HR team may not be the first group that comes to mind when the Information Security topic surfaces. However, Human Resources plays a significant role in the protection of sensitive information in all stages of an employment life cycle. Typically, Human Resources’ activities related to Information Security are categorized Read more…
Personally Identifiable Information: Personally Identifiable Information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.[i] Protected Health Information: The Privacy Rule defines PHI as Read more…
In the previous bulletin, we offered guidance on preparing and developing a plan to prepare for and address an information security incident, should it occur. Once the plan has been developed, how do we verify that it is effective and will operate as planned? In order to understand if Read more…
We implement controls to prevent security incidents. Despite these efforts, Information Security Incidents occur. These incidents can be caused by both internal and external factors and can be unintended or intentional. There are generally four stages in the incident life cycle: Preparation – To prepare, we work to prevent Read more…
Every year in October, we observe Cybersecurity Awareness Month. Many companies leverage this opportunity to provide additional training and other valuable resources to protect their information and continue to create a culture of awareness. As you consider how to educate yourself and your workforce, think about the current threats Read more…