Access Reviews – Revisited

What are “Access Reviews”? Over time, as workforce members leave the company or move to other positions within the same organization, they no longer need access to certain systems, or they require access to new systems.  Periodically, it is important to review the access of current and terminated employees to Read more…

“MaaS” – Malware as a Service

We’re familiar with the “as a service” offerings that are commonly used to support or augment our IT applications, platforms, and infrastructure: “Saas” – Software as a Service – Typically, these are best known as cloud applications. These days, we use these more than we use software installed on our Read more…

Passwordless Authentication

We know the routine.  Open an application or go to a web site, enter in your user ID, and authenticate with a password.  Lately, however, you have noticed a third step.  Once you enter your password, you receive another instruction to enter a code sent to your mobile device or Read more…

Information Security Policy Review

Why are policies important? When an organization first undertakes the effort of implementing an Information Security Framework or Management System, a key step is the development of policies, procedures, and standards. Every information security framework requires the development and implementation of policies.  NIST SP 800-171, HIPAA, ISO 27001:2013, PCI, SOC Read more…

Network Segregation and Segmentation

Often, organizations that wish to mitigate the security risk of their networks, choose to divide them in separate network segments or domains.  When architecting and establishing these domains, the design is typically based on the sensitivity of information, organization of the company, and the associated and necessary trust levels of Read more…