What is a Denial of Service Attack (DoS)? A denial of service attack occurs when a malicious individual or element attempts or is successful at blocking access to a workstation, server, internal network, Internet, or other infrastructure services making those resources unavailable to one or multiple users. The Read more…
In the past, have you worked with third-parties and other third-parties that maintained a set or subset of your data? Is it possible that prior third-parties had hardware that was owned by your company? Is it possible that there were network or other communication connections between you and your Read more…
What are “Access Reviews”? Over time, as workforce members leave the company or move to other positions within the same organization, they no longer need access to certain systems, or they require access to new systems. Periodically, it is important to review the access of current and terminated employees to Read more…
Is your organization in a situation where a customer or regulator is requiring an independent information security certification? Some of the required certifications that are becoming mainstream include CMMC 2.0, HITRUST, PCI, SOC 2, and ISO 27001:2013. If you’ve been through one of these certifications, you know that it Read more…
We’re familiar with the “as a service” offerings that are commonly used to support or augment our IT applications, platforms, and infrastructure: “Saas” – Software as a Service – Typically, these are best known as cloud applications. These days, we use these more than we use software installed on our Read more…
Confidential electronic information can be stored in photo copiers, multi-function output devices, tablets, laptops, desktop workstations, and a wide array of electronic devices and media. In some instances, it may not be readily apparent to the user that confidential information is there. Consider the steps that you and your company Read more…
We know the routine. Open an application or go to a web site, enter in your user ID, and authenticate with a password. Lately, however, you have noticed a third step. Once you enter your password, you receive another instruction to enter a code sent to your mobile device or Read more…
Since the original publication of this briefing and reminder, there continue to be differing opinions on exactly what percentage of data breaches are caused by human error. Originally, those percentages ranged from 25% to 75%, based on the subjectivity of the organization affected by the breach. Since that publication, the Read more…
Often, organizations that wish to mitigate the security risk of their networks, choose to divide them in separate network segments or domains. When architecting and establishing these domains, the design is typically based on the sensitivity of information, organization of the company, and the associated and necessary trust levels of Read more…
The processes around the assignment and establishment of rights is generally completed in four distinct steps. Additionally, parallels can be drawn between the assignment and management of logical and physical rights and entitlements. The following process map demonstrates the steps involved in the assignment and management of these rights: Take Read more…