Articles and Insights Security Services

Deciding Between Vulnerability Scanning And Penetration Testing

By Michelle Drolet . 8 May 2014

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test … Continue reading Deciding Between Vulnerability Scanning And Penetration Testing →

Articles and Insights

Why security professionals need to get more creative with penetration testing (and how to do it)

By Michelle Drolet . 25 Apr 2014

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it) →

Data Privacy Alerts

Towerwall Heartbleed Vulnerability Alert

By Michelle Drolet . 11 Apr 2014

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert →

Articles and Insights

Why wasn’t healthcare.gov security properly tested?

By Michelle Drolet . 17 Jan 2014

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested? →

Articles and Insights Data Security Review Newsletter

Introducing our Quarterly Newsletter: the Data Security Review

By Michelle Drolet . 16 Jan 2014

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review →

Articles and Insights

Establishing Security Goals

By Michelle Drolet . 8 Jan 2014

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical … Continue reading Establishing Security Goals →

Articles and Insights Security Services

How Can you Expose Targeted Attacks and Combat APTs?

By Michelle Drolet . 15 Oct 2013

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique … Continue reading How Can you Expose Targeted Attacks and Combat APTs? →

Articles and Insights Events & Conferences

Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article

By Michelle Drolet . 7 Jun 2013

Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted: HIPAA Omnibus Rule, PPACA challenge enterprise compliance management WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the … Continue reading Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article →

Articles and Insights

10 Things to Know Before Creating BYOD Policy

By Michelle Drolet . 5 Sep 2012

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and … Continue reading 10 Things to Know Before Creating BYOD Policy →

Articles and Insights

Apple iCloud breach proves Wozniak’s point about cloud risks

By Michelle Drolet . 7 Aug 2012

In a great article by Ted Samson at InfoWorld, that not even a complex, 16-character password guarantees that your cloud-based data and devices are secure. Here is what Ted had to say: This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield “horrible problems” in coming years. By extraordinary coincidence, Wired reporter … Continue reading Apple iCloud breach proves Wozniak’s point about cloud risks →

Tags

information security tips

security software

Data Breach

Security Regulations network security Security Program Mobile Security Security Services Hackers Security Alert Cloud Security security research Data Privacy cyber-attack Security Partners Application Security Big Data Mobile Apps Mobile Devices ransomware Mobile Protection malware credit card security Fractional Chief Information Security Officer (CISO) BYOD financial security Towerwall Michelle Drolet Information Security Summit threat landscape Internet of Things endpoint security system penetration testing Sophos vCISO Webinar passwords cloud services Worcester Business Journal Compliance Web Browser vulnerability management Virtual CISO Gap Assessment Web Application Firewall IoT cannabis compliance web server Assessment web users Phishing T-Mobile IoT security SnoopWall cannabis security iPhone Government Compliance Regulations software updates CISO Tablets InfoSec at Your Services Meetup Armis Web Storage meetup HIPAA InfoSec at Your Services 10 Things I Know GDPR MassBay Community College phishing attacks AlienVault Apple Microsoft Encryption Varonis General Data Protection Regulation (GDPR) Equifax European General Data Protection Regulation (GDPR) ID Theft Mac Android BrightTalk cannabis IT Infrastructure OWASP NetworkWorld email scam PCI Office Verizon Third-party Vendor Yahoo Cybersecurity Framework Wireless NIST DROWN Nadir Izrael Heartbleed ISSA New England ISSA iOS update Linkedin Massachusetts internal emails software systems Middlesex Savings Bank medical marijuana Events iOS Cryptolocker Bluetooth Becker College Candy Alexander CannaCare Banking Cannabis AT&T 2016 Outstanding Women in Business CDW medical cannabis Mass Bay Community College Cache botnets Open Web Application Security Project (OWASP) Outlook Breach Prevention Breach Response Linux Budget Michael Lyons CEO Hack Community Involvement hackings GRC Gmail Framingham Gary Miliefsky General Data Protection Regulation cisco infected computer Internet Explorer ISACA Outstanding Women in Business Intercept X Information Systems Security Association (ISSA) infected phone Information Security Summit 2016 Information Security Summit 2017 Center for Internet Security (CIS) bot-infected Twitter two-factor authentification AMG Twinstate Training SSL Towerwall in the News Amazon Allegro MicroSystems Wi-Fi #WBJITFORUM 4E Methodology Wearables vulnerability scanning WannaCry spear phishing Sophos Intercept X PhishMe Regulated Industries Risk Management Boston Fortinet password password protection RSA scammers Smartphone artificial intelligence Smart Home Smart Device Security BSides Boston 2016 Shockwave. Internet Explorer Botnet BSides Boston FBI employee Cyber Security Career Lifecycle ( CSCL ) cybersecurity trends Darktrace Ltd Enterprise Educate Cyber Security Leader for 2016 Cyber Security Leader 2016 Facebook Establish Cyber Security CryptoWall v3 CyberSN Firefox Cyber Defense Magazine Smith & Wesson Silicon Review SHI CryptoWall Darkode SIMDA botnet darwin Social Engineering smart fridge small to medium size enterprises (SMEs) smart TV darwin defense small and midsize businesses smart-connected software bugs Spear phishing emails Dallas spambots Special Publication 800-53 SQL injection Starbucks SSLv2 server SSLv2 SPAM SOX April Fools APT Shellshock. Bash bug Sony appsec Sophos SafeGuard Encryption 8 dark web Social Security Number ata protection officer routers data storage RFID credit cards database systems CRNtv Safari Scaled Agile Framework for Enterprise (SAFe) Practitioner sandbox SamSam attack Red Team Exercises ransomware-as-a-service Public Wi-Fi public sector Pseudonymization Pwn2Own Qualys Ransomware Protection Big Switch quid pro quo data recovery plan Scholarship auditing Auditing Wireless Networks authentication ATM State regulations Settings Securonix Data breaches data collection Bash secure configurations Secure Building Science and Technology Tagged With: cannabis compliance behavior analytics data recovery capability Security Operations Center Data Protection Officer Security Awareness Training Program SHA1 Application Software Security Vormetric Virus Alien Vault VPN vulnerability Cyber Security education CYBER Add-ons Cyberattack Veeam USB UPnP Unstructured Data user behavior analytics User behavior analytics (UBA) cyberattacks cybercrime USM web application security 3D Printing WordPress Worcester Business Journal's IT Forum Wireless Access Control Xerox Corporation #summitbuzz18 Zero-day malware zero-day Year in Review 20 Critical Security Controls Windows 2017 Community Leadership Breakfast 2017 Power 30 Solution Providers 2018 white market Whitelist Wikipedia whitepaper Unsecured Wi-Fi Unix tED Magazine TechTarget TCG Network Services Texas The Hawaii Dispensary Alliance third-party partners Third Party Outsourcing third party applications TCG Tax switches SuperCom Subject Access Request (SAR) Syria application testing Targeted Cyberattack Target protected health information (PHI) third-party social media plug-ins Appliance Analysts Trends to Watch for in 2018 trends TrendMicro CTO Cumberland County College's 2017 Business Leaders' Summit Uniforms Unified Security Management (USM) U.S. Department of Health Trend Mico cybersecurity professionals Title II of the Communications Act Apple Pay Threat Intelligence TLS Top Computer Security Blogs 2016 Towerwall Security Alert AOL Stealthbits Pot Compliance Information Systems Security Association CIO Information Security Summit Scholarship ETag INFOSEC Assessment Methodology InfoSec at your Service Infraguard Chrome CIA EU Data Protection CIS Controls Imperva IE identification Incident Response and Management independent testing CIS Controls 16 EU legislation European Data Protection Board (EDPB) Counterintelligence Program China hack ISSA New England Chapter Meeting certificates ISSA International Conference IT departments CPEs Java ito IT Support ISSA International Awards Certified Business Continuity Professional #brainbabe Interwork Chief Security Officer Channel Partners CFO Enforce Certified Web Application Penetration Tester CES CIS Controls 17 IAST GDPR Fines Conference Cookies FCC Compliance and Regulations Gigamon Gift Cards GHOST Gartner Conficker Fox 25 Foundation for MetroWest Flash Cookies continuous data protection (CDP) Framework FTG FREAK Fingerprinting GNU Bash Remote Code Execution Vulnerability Google COSO Cube high-profile data breaches HIDS Host-based intrusion detection systems HTML human error encryption HTTPS HTTP CNBC Health Insurance Portability & Accountability Act Community Leadership GovConnection Google Wallet Corporate Security Evaluate haveibeenpwned.com European Union hacking Juniper Juniper Netwroks DOM DPO open-source software Dr. David Podell disaster recovery DevOps Patch device management device-to-device communications DRIDEX botnet Offensive Security National Security Agency (NSA) National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Near-Term ROI Critical Security Controls (CSC) boundary defense NFC breach patch management PayPal Ponemon Institute Data Breach Ponemon Institute point-of-sale breach Portables firewalls private sector Private Browsing pot dispensaries Pinterest PIE Department of Consumer Affairs Penalties boston voyager Penetration Tests Deidre Diamond DDoS attacks BlueBorne phishing attack DROWN vulnerability cyber defense machine learning Mac OSX Center for Internet Security Malicious software EMV credit cards Mary Shia Mark Zuckerberg’ malwarebytes LSO LogRhythem Known vulnerabilities Kmart KISSmetrics KrebsonSecurity Legal weed CreditDonkey Endpoint Protection lingo Mass Department of Public Health Cash MJ Freeway Misconfigurations military business security Mobile Device Security Analyst Drug Policy Alliance mobile malware Bugcrowd eBay Microsoft NERD Critical Security Controls case study MassBay canna care MetroWest California Consumer Privacy Act (CCPA) ebook eBook Series Project Management Professional

Show Less

Categories

Tags