Are legacy apps lurking on your network?

Network audits can be instrumental in sanitising your systems, ensuring there are no legacy, outdated or vulnerable applications lurking on the network.

You probably don’t need us to tell you that networks are complex beasts. Network administrators walk a tightrope between making sure all files are available for the right people at the right time, and ensuring that the unauthorised are denied access at every turn.

Knowing what is on your system is vital – we’ve previously ...

The PEBCAK scenario: securing systems against non-malicious employees

Ever use the expression PEBCAK? What about ID-Ten-T error?*

While many variations exist, they all mean the same thing: user error. Ignoring the negative sentiment implied, it’s effectively a shorthand to say, “not our fault.”

In the world of, say, technical support, perhaps this expression might be acceptable. Many tech support teams exist simply to ensure their widgets are functioning correctly. But when an IT representative uses such terms to refer to a user within the organization, shouldn’t it raise a red ...


How to get stakeholder ‘buy in’ for regular penetration testing

Yet another massive breach was confirmed last week, after 2.2 million patient and employee private records at cancer treatment provider 21st Century Oncology Holdings were found to be accessible to unauthorized third parties.

Patients’ names, Social Security numbers, physicians’ names, diagnoses and treatment information, as well as insurance records could now all be in the clutches of unauthorized individuals. Ouch.

The FBI made the organization ...

Penetration testing: Don’t get caught with your pants down

Why is penetration testing important?
You can’t fix what you don’t know is broken.

Discovering a leak only when some unauthorized visitor has taken advantage of it sucks.

Ask anyone who’s gone through it. Hackers might have slipped into your network to snoop around, nab confidential information and/or cause havoc… Whatever the case, this is most definitely a situation that is better avoided.

At USENIX Enigma 2016, NSA TAO Chief Rob Joyce presented Disrupting Nation State Hackers. In this ...


OCIE’s Cybersecurity exams 2016: what you need to know now

We are all aware that more high-profile cyber attacks are expected, so it is no surprise that the SEC’s Office of Compliance Inspections and Examinations (OCIE) has stated that cybersecurity will continue to be a priority for 2016.

In fact, the OCIE announced that the cybersecurity exams will include more in-depth assessments procedures and control implementations within organizations, but more ...


Three BIG security threat predictions for 2016: Make sure you are covered!

With many security companies pushing out their threat predictions for 2016, we thought it best to review as many as we could in order to compile a definitive list of what to look out for in this coming year.

And, as independent consultants without any direct or indirect ties to specific security providers, we are well placed to provide a product-agnostic perspective on the state of security in 2016.

More importantly, we wanted to give you expert advice on how you can ...


New Cybersecurity Exam Process For New York Banks

Superintendent of the Department of Financial Services (NYDFS) Benjamin M. Lawsky announced in a memorandum that, effective immediately, banks chartered or licensed in New York will face an updated cybersecurity examination process, adding to the banks’ compliance obligations. “The Department encourages all institutions to view cybersecurity as an integral aspect of their overall risk management strategy, rather than solely as a subset of information technology,” Lawsky wrote. Additions to ...


SEC Could Pressure Companies To Tighten CyberSecurity

The Securities and Exchange Commission is advancing measures that would require publicly owned companies to disclose more information about their cybersecurity vulnerabilities, including data breaches.

The requirements could put pressure on companies to tighten their own security, because the SEC rules would let the public know how well firms are securing their private information.

On Tuesday, the White House launched a new ...


The Top Healthcare Breaches of 2014 – Infographic

Learning From Healthcare Breaches 2014

Sure, there was the recent Sony breach and the Chick-Fil-A breach, and before that Home Depot and countless other breaches of personal information and credit card info. But the largest health data breaches in the US listed on the federal tally so far demonstrate that security incidents are stemming from a variety of causes, from hacker attacks to missteps by business associates.

The top health care breaches offer important lessons that go beyond the usual message about the importance of encrypting ...


Winning Support for Data Breach Prevention

Getting Buy In At The C-Level

With the plethora of data breaches in recent months, especially the high-profile Target incident, the topic of breach prevention may now be on the minds of more CEOs and boards of directors. But getting buy-in for funding still requires educating executives on the risks that could have a material impact on the business and raising awareness of critical data security issues.

“[Breach prevention] has certainly garnered attention with executives,” says ...
