Secure Your Infrastructure with AWS CIS Benchmarks

by Hannah Grace Holladay / May 31, 2023

Amazon Web Services (AWS) is the most widely used cloud platform. It offers hundreds of networking, storage, compute, and managed cloud services, each of which helps organizations to build robust and reliable IT infrastructure without the need to manage data centers and physical hardware. However, AWS’s richness and complexity can be challenging to configure and administer to maximize security, privacy, and compliance. This is a particular problem for organizations lacking…

How Does AWS Audit Manager Streamline Cloud Security Audits?

by Hannah Grace Holladay / February 15, 2023

Audits are essential for businesses that need to demonstrate compliance with regulatory frameworks and standards, but they are often time-consuming and disruptive. Businesses must ensure relevant controls are implemented and gather evidence to demonstrate implementation to auditors. Evidence gathering is among the most time-consuming and error-prone aspects of auditing, but it is, fortunately, an aspect that can be automated to some degree. AWS Audit Manager is an evidence collection automation…

Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / June 14, 2023

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources. The clients I work with often…

What Are CIS Benchmarks and How Do They Help Businesses with Security Compliance?

by Hannah Grace Holladay / February 15, 2023

CIS Benchmarks are collections of recommendations and best practices for securely configuring servers, networks, software, and other IT systems. Developed by the Center for Internet Security, the benchmarks provide guidance businesses can use to implement secure systems, assess their current level of security, and achieve regulatory compliance. Given the number and complexity of IT services and systems, it is challenging for businesses to develop policies and implement procedures that maintain…

6 Ways Employees Expose Businesses to Security and Compliance Risks

by Hannah Grace Holladay / April 12, 2023

Business managers and IT professionals are inclined to attribute employee-caused security failures to malice, ignorance, or laziness. After all, the business has security policies and procedures. Employees know about them or, at the very least, have signed a declaration affirming they know about them. The IT team has implemented secure systems. And yet, employees often circumvent these systems and ignore information security policies, exposing the business to cybersecurity attacks and…