Other Articles:
How do you hack a network with every modern safeguard and tool in place and a seasoned team of veteran professionals at the helm of your IT department? Surprisingly enough, it doesn’t take that much. After all, who needs to be an all-star hacker looking for a small crack to wiggle through if they can convince your users to open the front door? That’s basically what social engineering is all about. Attackers have one target – the mind of the user – and the objective is to hack their brain so they can circumvent the technical and physical security safeguards and entice them to forget or ignore organizational policies, procedures, and training. Anyone, at any time, can be targeted by these attacks and
Other Posts
Data Classification: Start Here!
By Tim Crosby
About the Anatomy of a Cybersecurity Program Series: In this blog series, I will be walking you through many of the specific controls that fall into the domains mentioned above. My goal is to give you some insight into the issues and potential remedies we encounter daily while performing these assessments. Please utilize the suggestions …
Business Continuity Planning (BCP) – The Overlooked Control
By Tim Crosby
Updated: February 18, 2019. Our NIST Cybersecurity Framework (NIST CSF) and Enterprise Security Risk Assessment are our most frequently requested services. These assessments are most often performed against industry best practice, or they can be mapped to several different regulatory compliance standards, including HIPAA, NIST 800-53, ISO/IEC 27001:2013, etc. The goal of this service is …
MS-ISAC CYBER ALERT – Ongoing Emotet Campaign Using MS-ISAC Branding
By Tim Crosby
This alert came through our CHWG feed. All credit goes to the membership for distributing the alert and recommendations. ALWAYS, ALWAYS run any changes through your ‘Change Management Process’: disabling SMB can break or slow local network response, especially for custom apps. TLP: GREEN. MS-ISAC CYBER ALERT. SUBJECT: UPDATED – Ongoing Emotet Campaign Using MS-ISAC Branding …
Privileged Access Management
By Tim Crosby
About the Anatomy of a Cyber Security (NIST – Cybersecurity) Program Series: In this blog series, I will be walking you through many of the specific controls that fall into the domains mentioned above. My goal is to give you some insight into the issues and potential remedies we encounter daily while performing these assessments. …
HIPAA Understood: Information Access Management
Updated February 4th, 2019. This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you …
Organizational Requirements
By Tim Crosby
About the Anatomy of a Cybersecurity Program Series: In this blog series, I will be walking you through many of the specific controls that fall into the domains mentioned above. My goal is to give you some insight into the issues and potential remedies we encounter daily while performing these assessments. Please utilize the suggestions …
What Cyber Security Certification Do We Need?
By Tim Crosby
Updated 15 January 2019. That is the question (or something very similar) that I invariably get after presenting the results of a security engagement in which seemingly obvious weaknesses were exploited. These are the kinds of exploits that lead to administrator-level access to systems in hours (or even minutes), and that could expose sensitive organizational data …
HIPAA Understood: Termination Procedures
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: Workforce Clearance Procedure
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
A Head in the Sand Approach Leaves Many Networks Vulnerable
By James Cain
Many of those responsible for network security take a “Head in the Sand” approach to ‘Cybersecurity Risk Assessments’! Following a previous information security breach, I was speaking with an industry colleague who shared with me that he had been in discussions with the victim organization regarding a technology that would allow them to identify and address vulnerabilities …
HIPAA Understood: Authorization and/or Supervision
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: Workforce Security
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: Assigned Security Responsibility
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
SamSam and Atlanta: Don’t be the Next Victim
By Tim Crosby
Over the last 5 years, we have seen a number of shifts in security technologies and targets. One thing that has been evident is that no one is immune. In the past 12 months, we have seen breaches affect HBO and Equifax in the corporate world, and more than 200,000 systems affected in over 100 countries in …
HIPAA Understood: Information System Activity Review
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: 164.308(a)(1)(ii)(C) Sanction Policy
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: 164.308(a)(1)(ii)(B) Risk Management
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: Rule 164.308(a)(1)(ii)(A) Risk Analysis
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: 164.308 Administrative
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
HIPAA Understood: An Introduction
This series is intended to help those required to be in compliance with HIPAA understand what is required of them. Regulatory standards are often difficult to understand because they are worded vaguely. By the end of this series, you will have a better understanding of what is required of you by HIPAA. In addition, …
The Equifax Hack – A Huge Deal
By Tim Crosby
Important Updates: 9/13/17 – Since the last posting, it was discovered that Equifax had the default login credentials of “admin” for both username and password on an Argentina server, which exposed the personal information of 14,000 employees. 9/14/17 – The actual exploit that disclosed the 143 million US credit records was CVE-2017-5638. It was announced/released March …
Cybersecurity Cultures Aren’t Built in a Day
By Tim Crosby
Do your users look at every link in every email with suspicion – even if it appears to come from an internal email address? Do they look at each social media link as a potential danger to the well-being of their friends and family? Or do they think it’s crazy that they can’t share the …
ePHI – Most Valuable Data Records Sold on the Dark Web
By Tim Crosby
“HIPAA Security Officers – Your networks really ARE the PRIMARY target of the ‘Bad Guys’, ‘Bad Actors’, ‘Hackers’, etc. Whatever you want to call them, make no mistake – you are charged with safeguarding what they want. Do your security countermeasures rise to the level of the threat, or are you simply content with being …