Tag: vulnerability management

Michelle Drolet

When we say “operationalizing cybersecurity,” what we are essentially saying is the implementation of best practices that strengthen your cybersecurity infrastructure. This results in a strong security posture able to address advanced and continuously evolving cyberthreats leveled at any organization. A well-defined cybersecurity strategy lies at the very root of seamless operationalizing. Key stakeholders like

Michelle Drolet

The last time we looked at how Critical Security Controls (CSC) can help you build your InfoSec framework, we covered getting a handle on your software and your hardware inventories. Today, we’re going to discuss the importance of continually assessing and remediating vulnerabilities, keeping a tight control of administrative privileges, and monitoring your audit logs.

Michelle Drolet

Teaching the workforce to create a heightened state of awareness. It’s time for the business world to toughen up on security. The threat from cybercriminals is pervasive. Successful attacks on financial institutions, large retailers, and even government bodies, are all too common. There’s a reason that the Worldwide Threat Assessment of the US Intelligence Community

Michelle Drolet

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test

Michelle Drolet

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov  Security professionals have long been running penetration tests against their firewalls and other security systems to find

Michelle Drolet

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may

Michelle Drolet

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated

Michelle Drolet

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical

Michelle Drolet

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique

Michelle Drolet

Wherever an app originates from, it is vital that you can vouch for its security before it is circulated The enterprise has gone mobile and there’s no turning back. And while the BYOD movement has received plenty of attention, IT departments are getting a handle on the security risks of personal mobile devices in the workplace. The