Passwords have been around since the dawn of the computer age and they remain the primary means of protecting online accounts and personal information. As the number of online transactions and data breaches continue to increase, it is more important than ever to choose and use strong passwords. A strong password is a combination of …
For an organization to be ISO 27001 compliant, there are lists of mandatory documents needed. But how do you decide which policies and procedures to document and to what level of detail is needed? Each clause of the standard specifies if the requirement from that clause should be documented or not. You know a document …
GRC analysts have the responsibility of speaking about security from a business point. Their work is designed to help the organization, bolster its defenses, be in a place to quickly react and handle bad situations, and limit the number of negative consequences and impacts. One of the really important pieces of work that GRC analysts …
The COVID-19 pandemic generated an increase in cyber threats. According to a security magazine, Ransomware attacks rose by 92.7% in 2021 whilst comparison to 2020. With an increase in the use of digital technology comes an increase in cyber threats and with each passing day, such threats are evolving, and the need for constant attention …
The People, Process, and Technology of Cybersecurity Read More »
According to NIST SP 800-60 volume 1 revision 1, Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts on organizational operations (i.e., mission, functions, image, or reputation) and assets, individuals, other organizations, and the Nation. Cybersecurity risk is the probability of exposure, …
The NIST 800-61 revision 2 standard provides guidelines for incident handling, especially for analyzing incident-related data, and determining the appropriate response to each incident. The guidelines can be followed independently of particular hardware platforms, operating systems, protocols, or applications. Organizations that need to implement the NIST Incident Response Life Cycle, must first establish a computer …
According to NIST, vulnerability management is a security practice that is designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and the exploitation of those vulnerabilities. Vulnerability management is generally defined as the process of identifying, …
In network security, a demilitarized zone (DMZ) functions as a subnetwork on an organization’s network infrastructure that is located between the protected internal network and an untrusted network often the internet. The DMZ is designed where there is one inside interface connected to the private network, and one outside interface connected to the public network. …
Defense in depth also known as layered security, is a cybersecurity strategy used by organizations to secure and safeguard their network, system, and data. The strategy assumes that attackers will try to penetrate the organization’s defenses, so multiple layers of security controls (physical, technical, and administrative) are put in place to detect attackers at every …
What is PII? The Nation Institute of Standard and Technology (NIST), defines personally identifiable information (PII) as Any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or …