6 Terms You Need to Know To Improve  Your Threat Management 

by Tori Thurmond / June 14, 2023

We’ve all seen the jumble of letters that make up the world of cybersecurity. But do you know what they all mean? These technical terms can be overwhelming, so we want to make sure you understand what you need to know about threat management, or how your organization manages and mitigates threats that may negatively affect your security posture.    At the 2022 Information Systems Audit and Control Association (ISACA) conference in…

Data Security 101: Make Sure You Know Where Your Data Is and How It’s Working for You

by Randy Bartels / October 4, 2023

Data is the key to your operation. Make sure you’re keeping it safe. Whether it’s the data you receive from your customers, information you use to run your business, or the source code for your applications, data is at the very heart of any organization. Securing that data is job #1 for any information security program.  A good place to start is understanding where the data is, who uses it,…

How to Write a Cloud Security Policy for Your Business

by Hannah Grace Holladay / June 14, 2023

The major cloud computing platforms are more secure than the average on-premises infrastructure deployment. But “more secure” isn’t the same as “sufficiently secure.” Cloud security is a shared responsibility: cloud vendors provide the foundations, but it’s up to cloud customers to build secure systems. That’s unlikely to happen without a well-documented, comprehensive, and enforced cloud security policy (CSP). A cloud security policy sets security parameters for managers and employees, and…

Six Steps to a Bullet-Proof Disaster Recovery Plan (DRP)

by Hannah Grace Holladay / June 14, 2023

Unfortunately in today’s modern threat landscape, it’s only a matter of time before your business faces a disaster. How would your organization cope if an employee deleted a production database? Could you continue to serve customers if a tornado took out your primary data center? How soon could you recover data encrypted in a ransomware attack or return to normal operations during a denial-of-service attack? Disaster recovery planning ensures your…

Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / June 14, 2023

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources.  The clients I work with often…