What Are CIS Benchmarks and How Do They Help Businesses with Security Compliance?

by Hannah Grace Holladay / February 15, 2023

CIS Benchmarks are collections of recommendations and best practices for securely configuring servers, networks, software, and other IT systems. Developed by the Center for Internet Security, the benchmarks provide guidance businesses can use to implement secure systems, assess their current level of security, and achieve regulatory compliance.  Given the number and complexity of IT services and systems, it is challenging for businesses to develop policies and implement procedures that maintain…

6 Ways Employees Expose Businesses to Security and Compliance Risks

by Hannah Grace Holladay / April 12, 2023

Business managers and IT professionals are inclined to attribute employee-caused security failures to malice, ignorance, or laziness. After all, the business has security policies and procedures. Employees know about them or, at the very least, have signed a declaration affirming they know about them. The IT team has implemented secure systems.  And yet, employees often circumvent these systems and ignore information security policies, exposing the business to cybersecurity attacks and…

Are Patch Management Failures Putting Your Company At Risk?

by Hannah Grace Holladay / February 14, 2023

Regular software updates and rigorous patch management processes are essential to maintaining security and compliance. Even the most careful proprietary and open source software development introduces bugs. Some of those bugs create security vulnerabilities, and cybercriminals are always looking for opportunities to infiltrate business IT resources and steal sensitive data.  A report from Arctic Wolf, a security operations vendor, shows the scale of the problem. Exposure of a known vulnerability…

What is a Web Application Firewall (WAF)?

by Hannah Grace Holladay / February 15, 2023

A web application firewall (WAF) sits between web applications and the internet. It monitors inbound traffic and filters malicious requests before they reach the potentially vulnerable application. This article explores WAFs, how they work, the most popular and effective examples, and why you should consider using a WAF to protect your site or app from cybercriminals. Does Your Web App Need a WAF? Sooner or later, every website, app, and…

How to Set Up AWS Systems Manager Maintenance Windows

by Hannah Grace Holladay / February 15, 2023

Information security regulations and standards often require businesses to perform regular maintenance tasks to ensure compliance. For example, PCI DSS Requirement 6 says merchants must deploy critical patches within a month of release. Failure to complete these tasks on time risks non-compliance.  Unfortunately, many security-related tasks are disruptive—updating a server operating system can take the server offline. Therefore, businesses prefer to carry out patching and other potentially disruptive activities during…