Notes from the Field: CIS Control 01 – Inventory and Control of Enterprise Assets

by Greg Halpin / June 14, 2023

The Center for Internet Security released Version 8 of its CIS Controls document in May 2021. If you are not familiar with the Center for Internet Security, it's a non-profit organization dedicated to making "the connected world a safer place..." The Controls document includes 18 information security controls that all organizations and information security professionals should understand and implement to protect their data, networks, systems, and other resources. The clients I work with often…

DDoS Protection: How to Survive a Distributed Denial of Service Attack

by Hannah Grace Holladay / June 14, 2023

You’re sitting at your desk when the first notification arrives. Uptime monitoring has detected unusually long response times for the servers hosting the business’s primary web app. Soon after, your manager calls to say customer support is getting complaints—many users can’t sign in and the app is slow for those who can. You try to open the app to see for yourself, but the browser times out. With increasing concern,…

Testing MFA Controls: Learning from the CISA Cybersecurity Advisory

by Hannah Grace Holladay / June 14, 2023

You thought you did everything right. You enabled multi-factor authentication (MFA) on all of your accounts and configured it so that all employees and customers are required to use it. You have automated checks set up to make sure MFA is still required. And yet you still experience a data breach. This is exactly what happened to the non-governmental organization (NGO) described in the Federal Bureau of Investigation (FBI) and…

How to Prevent Ransomware

by Hannah Grace Holladay / June 14, 2023

Ransomware is perhaps the most disruptive and infuriating security threat facing businesses in 2022. A ransomware infection is a symptom of an information and infrastructure security failure that may hurt a business’s reputation and pose a compliance risk. Ransomware not only deprives a business of data essential to its operations; it also forces business leaders to decide whether to pay off criminals—an action that has ethical, financial, and legal implications.…

6 Steps to Prevent Data Breaches

by Hannah Grace Holladay / June 14, 2023

As we enter a new year, it’s traditional to look back at the successes and failures of the last twelve months. The information security world is no different, and as the year draws to a close, information security writers publish a flurry of articles with titles like The Top Data Breaches of 2021 and The Top 5 Scariest Data Breaches in 2021. They are sobering reading: each listicle entry represents…