When cheaper is not better: a quick guide to penetration tests

An IT administrator recently vented his frustration about having to conduct a penetration test.

He wanted an in-depth assessment of his system to make sure his network was operating with a low risk profile, all while still making all the required services available to his users.  

His firm has cloud services, several sensitive databases, internal and external networks, not to mention multiple operating systems (the designers “demanded” Apple products).

The idea was ...

EU GDPR demystified: a straightforward checklist for US firms (PART THREE)

In this GDPR post, we provide you with a curated checklist to assist you on your journey to compliance with the new European GDPR regulation, which comes into effect in May 2018. Learn more about GDPR and its implications in our previous articles:

EU GDPR demystified: a straightforward reference guide for US firms – Part One 

EU GDPR demystified: a straightforward reference guide for US firms – Part Two

EU-GDPR REGULATION CHECKLIST FROM TBG SECURITY

NYDFS tweaks proposed cybersecurity regulations; start date pushed back to 1 March 2017

Last September, TBG Security wrote a helpful blog article on the proposed cybersecurity regulations put forward by the New York State Department of Financial Services (NYDFS).

The NYDFS aimed to have these new cybersecurity requirements (23 NYCRR 500) enforceable by 1 January 2017. However, last week, on 28 December, NYDFS issued the following press release, effectively delaying the launch date to 1 March 2017.



FFIEC Cybersecurity Assessments Begin

The Federal Financial Institutions Examination Council has started its #cybersecurity assessment pilot program, which will examine more than 500 community banking institutions. Plus, the council has launched a Web page dedicated to cybersecurity information.

The pilot program is slated to run through July, says Stephanie Collins, spokesperson for the Office of the Comptroller of the Currency.

The aim of the pilot program is to help smaller banking institutions address potential security gaps. The assessments will be ...


Compliance: Why You Can’t Afford To Stay With Windows XP

Now that there has been a Zero Day vulnerability identified in IE that will NOT be patched in Windows XP, we have to ask, “what will it take to get you off XP?” Perhaps the fact that you will not be able to meet your compliance requirements will provide the push you need to upgrade.

Many companies, large and small, have relied on Windows XP for years, and it hasn’t been an issue for compliance. ...


Small Business Data Breach: Mitigating the Damage

If you’re a small business you’re probably following the Target fiasco closely and trying to figure out how this will impact your organization.

While data breaches at giant retailers like Target and TJ Maxx grab the spotlight, it’s just as realistic a scenario for small businesses – and the attacks at that level can prove far more devastating. Experts say small business owners who don’t make protecting customers’ personal information a top priority could ...


SEC Struggles on Cyber-Security

If you’re sick of reading about cyber-security then you’ll want to find another article to read right now because we’re going to talk about cyber-security here.

Not only are we talking about it, but apparently the Securities and Exchange Commission spent 5 hours talking about it last week at its cyber-security roundtable. The Center for Audit Quality published guidance on cyber-security risks one day before ...


Getting Ready For 201 CMR 17.00

Don’t forget about the paper!

There’s been a tremendous amount written lately about how to prepare for the upcoming March 1 deadline for compliance with Massachusetts 201 CMR 17.00.
Almost everything I’ve read has focused on the electronic aspect of the regulation with little or no attention paid to how an organization will change the way they handle paper containing personal information. Just as a reminder, the intent of 201 CMR 17.00 is to establish minimum standards to be met in ...
