Often, organizations that wish to mitigate the security risk of their networks, choose to divide them in separate network segments or domains. When architecting and establishing these domains, the design is typically based on the sensitivity of information, organization of the company, and the associated and necessary trust levels of Read more…
The processes around the assignment and establishment of rights is generally completed in four distinct steps. Additionally, parallels can be drawn between the assignment and management of logical and physical rights and entitlements. The following process map demonstrates the steps involved in the assignment and management of these rights: Take Read more…
It has become clear that one of the primary assets hackers are looking to acquire when information is stolen are the user credentials. Once credentials are stolen, sophisticated methods to scour websites and apply the stolen credentials are used to gain access to your information with the intent on monetizing. Read more…
This update primarily impacts our colleagues in the Healthcare Industry, but history has shown that once one standard is updated, they all follow suit. To that end, in 2022 there is proposed rule making that will alter some of the HIPAA rules. HIPAA has now been in place for over Read more…
The objective of any cybersecurity framework is to provide a methodology and common set of recommended or prescribed controls for the user to implement to protect information. Once the framework is implemented, what separates the beginners from the pros? The organizations that have been on the playing field longer are Read more…
How are employees connecting? In times where everyone who does their job from a computer is working from home, companies are being creative about making the environment available to the workers. Is the risk of a work at home environment being completely considered? We will examine the different scenarios: Read more…
What is “DLP” or “Data Loss Prevention” One of the most important and valuable assets a company possesses is the information. This has become clear over the years based on the attacks by malicious parties and actors to steal that information, render it unusable, and make it unavailable. Client/patient information, Read more…
Were you aware that October was Cybersecurity Awareness Month, or previously known as National Cybersecurity Awareness Month? Did you also know that in 2021, Cybersecurity Awareness Month celebrated its 18th anniversary? In 2004, the National Cybersecurity Alliance and the Department of Homeland Security CISA (Cybersecurity and Infrastructure Security Agency) Read more…
When you have discovered a vulnerability, have you ever been confused about how to determine the risk level of that vulnerability or the time-frame in which that vulnerability should be addressed? Among the many publications in the NIST (National Institute of Standards and Technology) library, there are tools to Read more…
Have you noticed recently that many of the web sites you visit now have a link or banner that displays additional information for “California Residents”? When clicking on the link, you learn about all the additional protections around the privacy and security of your personal information. For example, a few Read more…