We’re familiar with the “as a service” offerings that are commonly used to support or augment our IT applications, platforms, and infrastructure: “Saas” – Software as a Service – Typically, these are best known as cloud applications. These days, we use these more than we use software installed on our Read more…
Confidential electronic information can be stored in photo copiers, multi-function output devices, tablets, laptops, desktop workstations, and a wide array of electronic devices and media. In some instances, it may not be readily apparent to the user that confidential information is there. Consider the steps that you and your company Read more…
We know the routine. Open an application or go to a web site, enter in your user ID, and authenticate with a password. Lately, however, you have noticed a third step. Once you enter your password, you receive another instruction to enter a code sent to your mobile device or Read more…
Since the original publication of this briefing and reminder, there continue to be differing opinions on exactly what percentage of data breaches are caused by human error. Originally, those percentages ranged from 25% to 75%, based on the subjectivity of the organization affected by the breach. Since that publication, the Read more…
Often, organizations that wish to mitigate the security risk of their networks, choose to divide them in separate network segments or domains. When architecting and establishing these domains, the design is typically based on the sensitivity of information, organization of the company, and the associated and necessary trust levels of Read more…
The processes around the assignment and establishment of rights is generally completed in four distinct steps. Additionally, parallels can be drawn between the assignment and management of logical and physical rights and entitlements. The following process map demonstrates the steps involved in the assignment and management of these rights: Take Read more…
It has become clear that one of the primary assets hackers are looking to acquire when information is stolen are the user credentials. Once credentials are stolen, sophisticated methods to scour websites and apply the stolen credentials are used to gain access to your information with the intent on monetizing. Read more…
This update primarily impacts our colleagues in the Healthcare Industry, but history has shown that once one standard is updated, they all follow suit. To that end, in 2022 there is proposed rule making that will alter some of the HIPAA rules. HIPAA has now been in place for over Read more…
The objective of any cybersecurity framework is to provide a methodology and common set of recommended or prescribed controls for the user to implement to protect information. Once the framework is implemented, what separates the beginners from the pros? The organizations that have been on the playing field longer are Read more…
How are employees connecting? In times where everyone who does their job from a computer is working from home, companies are being creative about making the environment available to the workers. Is the risk of a work at home environment being completely considered? We will examine the different scenarios: Read more…