Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / June 14, 2023

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources. The clients I work with often…

What Are CIS Benchmarks and How Do They Help Businesses with Security Compliance?

by Hannah Grace Holladay / February 15, 2023

CIS Benchmarks are collections of recommendations and best practices for securely configuring servers, networks, software, and other IT systems. Developed by the Center for Internet Security, the benchmarks provide guidance businesses can use to implement secure systems, assess their current level of security, and achieve regulatory compliance. Given the number and complexity of IT services and systems, it is challenging for businesses to develop policies and implement procedures that maintain…

6 Ways Employees Expose Businesses to Security and Compliance Risks

by Hannah Grace Holladay / April 12, 2023

Business managers and IT professionals are inclined to attribute employee-caused security failures to malice, ignorance, or laziness. After all, the business has security policies and procedures. Employees know about them or, at the very least, have signed a declaration affirming they know about them. The IT team has implemented secure systems. And yet, employees often circumvent these systems and ignore information security policies, exposing the business to cybersecurity attacks and…

Are Patch Management Failures Putting Your Company At Risk?

by Hannah Grace Holladay / February 14, 2023

Regular software updates and rigorous patch management processes are essential to maintaining security and compliance. Even the most careful proprietary and open source software development introduces bugs. Some of those bugs create security vulnerabilities, and cybercriminals are always looking for opportunities to infiltrate business IT resources and steal sensitive data. A report from Arctic Wolf, a security operations vendor, shows the scale of the problem. Exposure of a known vulnerability…

What is a Web Application Firewall (WAF)?

by Hannah Grace Holladay / February 15, 2023

A web application firewall (WAF) sits between web applications and the internet. It monitors inbound traffic and filters malicious requests before they reach the potentially vulnerable application. This article explores WAFs, how they work, the most popular and effective examples, and why you should consider using a WAF to protect your site or app from cybercriminals. Does Your Web App Need a WAF? Sooner or later, every website, app, and…