The Department of Homeland Security has designated October as National Cyber Security Awareness Month. In its honor, here are our top 10 most popular blog posts from the past year (based on readers’ input), which cover a mix of tips and best practices for how to make your organization more secure and provide better protection against cyber-attacks, as well as how to keep your own digital persona private in today’s very public, connected world.
Are You Guilty of the Seven Deadly Sins of Security Policy Change Management?
Managing ever-growing network security policies is not getting any easier. We are facing more threats, greater complexity and increased demand for both security and application connectivity. However, many companies are failing to update their approach to security policy management to keep up with these challenges. In my years of interactions with companies across pretty much every geography and industry vertical I’ve identified what I call the “Seven Deadly Sins” of security policy management. I am sure none of them take place in YOUR organization (fingers crossed), but just in case you want to help err… a friend… Read the post here.
You Can Resist the Temptation of the Shiny New Tools
Driven by market hype, many IT security pros and their CISOs believe that they must have the latest and greatest new tools to win the battle against cybercrime. But just look at one of the most discussed breaches of 2014. Target had a variety of tools and services already in place to detect and potentially block attacks. These existing tools did sound the alarm. But the company was too focused on its investment in new tools, instead of paying attention to its existing tools.
Target is not alone: most companies don’t need to invest in yet another shiny new technology. In fact, according to leading industry research, upwards of 95% of breaches can be prevented by better managing existing technologies and making sure you cover the security basics, such as removing unused firewall rules, ensuring systems are patched, removing unnecessary admin rights, etc. Read the post here.
Top 10 Common Firewall Flaws: What You Don’t Know Can Hurt You!
Do you really know what vulnerabilities currently exist in your enterprise firewalls? Your vulnerability scans are coming up clean. Your penetration tests have not revealed anything of significance. Therefore, everything’s in check, right? Not necessarily. Numerous firewall-related vulnerabilities may well be present right under your nose. Sometimes they’re blatantly obvious. Other times, not so much. Here are our top 10 common firewall vulnerabilities that you need to be on the lookout for, listed in order of typical significance/priority. Read the post here.
Firewalls, Breaches and the 2015 Verizon PCI DSS Report
According to the recent Verizon 2015 PCI Compliance Report “27% of organizations that suffered a data breach in 2014 were compliant with Requirement 1 [of the PCI DSS standards] at the time of their breach”, which means that 73% were not… And, as the report points out, “there is strong correlation between a badly configured firewall and the likelihood of a security breach”. Requirement 1, as we know, requires companies to install and maintain a firewall configuration to protect cardholder data. This post discusses Verizon’s findings and its recommendations to help companies comply with Requirement 1. Read the post here.
You Can’t Manage What You Can’t Measure: Tips to Help You Build an Information Security Measurement Program
There’s a mantra in the business world that says “You can’t manage what you can’t measure”, and no truer words have ever been spoken in information security. Building an information security metrics program is not glamorous, but it’s an invaluable tool to help measure and visualize KPIs (Key Performance Indicators) so that you can improve security across the organization. By presenting the evidence in an objective manner to your selected key stakeholders, you will be able to get your point across regarding risks and areas of improvement, and highlight the company’s achievements in protecting the organization. Read the post here.
Two Factor Authentication: Why, When and How
We’ve heard about cases in the news, and some of us have personally experienced having our credentials stolen by cyber criminals and used for malicious purposes. It’s become so frequent that people have become numb to it. How many times have you seen someone post on their social media account that they’ve been hacked or that their credentials were stolen? This post discusses two factor authentication – when you should use it, and what techniques are available to help prevent the theft of credentials and protect against unauthorized access. Read the post here.
Tips for Creating a Security Architecture for the Mobile Enterprise
Today, when we think of mobility, our first inclination is to look at the hand-held device right next to us. But that’s a very tactical approach to a much broader, strategic conversation. The concept of enterprise mobility security must now involve the end-user, how content is consumed, how efficiently it’s being delivered, security and compliance, as well as the end-point device itself. While the overall goal of mobile communications is to enable and empower the mobile workforce, giving them greater freedom of access to information and resources, it must be done securely. Yet many consumers and organizations still do not recognize that security is important for mobile devices and have not yet established a consistent practice of deploying mobile device protection platforms. This post looks at how you can be better prepared for this mobile revolution. Read the post here.
Selecting the Right IaaS Platform: 8 Tips to Help Ensure You’re Secure
With its flexibility and cost savings, cloud computing is now here, and whether you know it or not, you’re most likely using it one way or another. At least some of your data, whether personal or business, sensitive or public, is likely being stored, processed and consumed via this mystical all-encompassing cloud in some way.
There are three main types of cloud offerings today – IaaS, PaaS, SaaS – and each comes with a different expectation of security and privacy. As consumers, we need to understand the differences between cloud offerings and what to expect with regards to security and privacy. This post reviews the IaaS (Infrastructure as a Service) service model and ways to properly secure it. Read the post here.
Look Before You Leap: Tips to Help You Manage Your Security Policy Across a Hybrid Cloud Environment
Having secured network access in your data center for years using a mix of firewalls, IPSs, proxies and other related devices from well-established vendors, you may naturally gravitate towards a similar architecture for the public cloud. But after some digging, you discover that network security in the cloud is in its infancy and often confusing. Furthermore, while many organizations will deploy a good chunk of their business applications on a public IaaS platform in the foreseeable future, for nearly all organizations the on-premises data center is not going away anytime soon. So the question you should ask yourself is not “how do I secure the public cloud?” but rather “how do I ensure security across my hybrid environment?” Here are a few tips to help you plan your security policy management across a hybrid environment. Read the post here.
Don’t want to be the next SONY? Encrypt Everything!
Your personal data is your own and it should stay that way. Enabling other people, organizations, or for that matter systems, to peek into our data is a serious problem which we should all be aware of and concerned about. This post expands upon the importance of encryption to help protect personal data. Read the post here.