Incident Handling

We implement controls to prevent security incidents.  Despite these efforts, Information Security Incidents occur.  These incidents can be caused by both internal and external factors and can be unintended or intentional.   There are generally four stages in the incident life cycle: Preparation – To prepare, we work to prevent Read more…

Cybersecurity Awareness Month 2023

Every year in October, we observe Cybersecurity Awareness Month.  Many companies leverage this opportunity to provide additional training and other valuable resources to protect their information and continue to create a culture of awareness.   As you consider how to educate yourself and your workforce, think about the current threats Read more…

Network and Data Flow Diagrams

Documentation is one of the least favorite activities in IT.  It always seems to get prioritized down in lieu of other more critical and current activities.  However, in the process of establishing a strong cybersecurity posture, one of the key documents that should be created and maintained is a Network Read more…

Human Resources and Information Security

The HR department may not be the first group that comes to mind when the Information Security topic surfaces.  However, Human Resources plays a significant role in the protection of sensitive information in all stages of an employment life-cycle. Typically, Human Resources’ activities related to Information Security are categorized in Read more…

Denial of Services Attacks

What is a Denial of Service Attack (DoS)?   A denial of service attack occurs when a malicious individual or element attempts or is successful at blocking access to a workstation, server, internal network, Internet, or other infrastructure services making those resources unavailable to one or multiple users.   The Read more…

Decommissioning of Third-Parties

  In the past, have you worked with third-parties and other third-parties that maintained a set or subset of your data? Is it possible that prior third-parties had hardware that was owned by your company? Is it possible that there were network or other communication connections between you and your Read more…