Notes from the Field: CIS Control 13 – Network Monitoring and Defense

by Greg Halpin / December 15, 2023

“How would you know if your network or systems have been compromised?” That’s the question I often ask clients when discussing their network monitoring and defense tools. An IT manager of a small company I worked with recently was honest and said he wasn’t sure. He was so busy putting out different fires every day, he didn’t know where to begin. The IT team consisted of four people, and he…

The Purpose of Policies and Procedures

by Shannon Lane / December 7, 2023

It finally happened.  One of your employees clicked on a phishy link and your company is experiencing a data breach.  They knew something wasn't right once they clicked it, but they didn't know where to turn.  They couldn't remember who to notify or what their next steps should be.  So they waited and hoped no one would notice.  Maybe it wouldn't be that big of a deal.  That only made…

Notes from the Field: Center for Internet Security Control 12 – Network Infrastructure Management

by Greg Halpin / November 17, 2023

In our increasingly busy lives, we often find ourselves making promises we can't keep. We promise to start our diet on Monday, but order in on Tuesday. We promise that this will be the year we take our dream trip, or finally learn French, or run a marathon. Maybe we promise that we'll implement the perfect network infrastructure. But life, as it often does, gets in the way. A company…

Auditor Insights: Where to Start with GDPR Compliance

by Mark Hinely / February 7, 2024

As GDPR becomes an increasingly prevalent data privacy law, we want to give organizations four actions to start with when working towards GDPR compliance. These areas should help organizations understand what kind of personal data of data subjects they have, where it goes, and what role (data controller or data processor) they fit into under GDPR. I chose the areas of data mapping, contract management, documentation review,…

Notes from the Field: Center for Internet Security Control 11 – Data Recovery

by Greg Halpin / October 30, 2023

The client I was working with had undergone a management shakeup over the previous year. The CIO left and was replaced by someone who brought in several new managers. The result was a lot of IT and DevOps staff turnover. Many skilled staff who knew how everything worked at the company left amid the uncertainty. There were not enough senior people left to train all of the new hires. Without…