Tips for getting your IT security budget approved

Posted by:

“Many boards now have a clear focus on information security risks. This is not always reflected across the broader organization. Security and risk management professionals must manage and defend security budgets to meet stakeholder expectations of protection.”

These words, published on the Gartner website, are frustratingly true for many firms out there.

CIOs oversee the accessibility, confidentiality and integrity of files and systems. This means they must introduce new and maintain old systems, ensuring everyone can who ...

Read More →
0

NYDFS tweak proposed cybersecurity regulations; start date pushed back to 1 March 2017

Posted by:

Last September, TBG Security wrote a helpful blog article on the proposed cybersecurity regulations put forward by the the New York State Department of Financial Services (NYDFS).

The NYDFS aimed to have these new cybersecurity requirements (23 NYCRR 500) enforceable by 1 Jan 2017. However, last week, on the 28th of December, NYDFS issued the following press release, effectively delaying the launch date to March 1, 2017.  


Read More →
0

“You Hacked.” Unexpected lessons from a ransomware attack on public services

Posted by:

You know it is a bad day when your computer screen blips up with this ransomware message:


“You Hacked, ALL Data Encrypted. Contact For Key (cryptom27@yandex.com)ID:681, Enter.”

But if the day is Black Friday, and your computer is part of a major US city’s municipal transit system, I think we can all agree that this constitutes a very, very, bad day indeed.

This was the ransomware message presented on hundreds of SFMTA (San Francisco’s transit agency) computer screens on Black Friday – 25 November.

The ...

Read More →
0

Offensive Security Unbound: introducing Red Team Service

Posted by:

With new cyber threats exploding into existence and commandeering what we would normally consider to be well-defended networks, our concern was straight-forward: how do we provide more effective security measures for our TBG Security customers?

We decided to get down to brass tacks to figure out how we could elevate IT security to the next level.

Instead of offering spot checks at set times, what if TBG Security set up a team of accredited security professionals that could use the methods an ...

Read More →
0

How to get stakeholder ‘buy in’ for regular penetration testing

Posted by:

Yet another massive breach was confirmed last week, after 2.2 million patient and employee private records at cancer treatment provider 21st Century Oncology Holdings were found to be accessible to unauthorized third-parties.

Patients’ names, Social Security numbers, physicians’ names, diagnoses and treatment information, as well as insurance records could now all be in the clutches of unauthorized individuals. Ouch.

The FBI made the organization Read More →

0

Penetration testing: Don’t caught with your pants down

Posted by:

Why is penetration testing important?
You can’t fix what you don’t know is broken.

Discovering a leak only when some unauthorized visitor has taken advantage of it sucks.

Ask anyone who’s gone through it. Hackers might have slipped into your network to snoop around, nab confidential information and/or cause havoc…Whatever the case, this is most definitely a situation that is better avoided.

At USENIX Enigma 2016, NSA TAO Chief Rob Joyce presented Disrupting Nation State Hackers. In this ...

Read More →
0

Enterprise Penetration Testing In The Palm Of Your Hand

Posted by:

Pwnie Express Unveils Next Generation State-of-the-Art Pwn Phone 2014.

pwn phone penetration testingEarlier this week, Pwnie Express revealed the next generation of its  game-changing Pwn Phone, a cutting edge sleek phone that doubles as a powerful penetration testing device making it incredibly easy to evaluate wired, wireless and Bluetooth networks.

The leader in vulnerability assessment and penetration testing devices, the Pwn Phone 2014 is ...

Read More →
0
})
SEC Cybersecurity Exams