Articles and Insights Security Services

Deciding Between Vulnerability Scanning And Penetration Testing

By Michelle Drolet . 8 May 2014

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test … Continue reading Deciding Between Vulnerability Scanning And Penetration Testing →

Articles and Insights

Why security professionals need to get more creative with penetration testing (and how to do it)

By Michelle Drolet . 25 Apr 2014

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it) →

Data Privacy Alerts

Towerwall Heartbleed Vulnerability Alert

By Michelle Drolet . 11 Apr 2014

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert →

Articles and Insights

Why wasn’t healthcare.gov security properly tested?

By Michelle Drolet . 17 Jan 2014

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested? →

Articles and Insights Data Security Review Newsletter

Introducing our Quarterly Newsletter: the Data Security Review

By Michelle Drolet . 16 Jan 2014

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review →

Articles and Insights

Establishing Security Goals

By Michelle Drolet . 8 Jan 2014

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical … Continue reading Establishing Security Goals →

Articles and Insights Security Services

How Can you Expose Targeted Attacks and Combat APTs?

By Michelle Drolet . 15 Oct 2013

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique … Continue reading How Can you Expose Targeted Attacks and Combat APTs? →

Articles and Insights Events & Conferences

Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article

By Michelle Drolet . 7 Jun 2013

Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted: HIPAA Omnibus Rule, PPACA challenge enterprise compliance management WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the … Continue reading Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article →

Articles and Insights

10 Things to Know Before Creating BYOD Policy

By Michelle Drolet . 5 Sep 2012

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and … Continue reading 10 Things to Know Before Creating BYOD Policy →

Articles and Insights

Apple iCloud breach proves Wozniak’s point about cloud risks

By Michelle Drolet . 7 Aug 2012

In a great article by Ted Samson at InfoWorld, that not even a complex, 16-character password guarantees that your cloud-based data and devices are secure. Here is what Ted had to say: This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield “horrible problems” in coming years. By extraordinary coincidence, Wired reporter … Continue reading Apple iCloud breach proves Wozniak’s point about cloud risks →

Tags

information security tips

Data Breach

security software

network security Security Program Security Regulations Mobile Security Security Services Hackers Security Alert Cloud Security security research Data Privacy cyber-attack Security Partners Application Security Big Data Mobile Apps Mobile Devices ransomware Mobile Protection malware credit card security Michelle Drolet Fractional Chief Information Security Officer (CISO) financial security Towerwall BYOD Webinar penetration testing endpoint security system Information Security Summit Sophos threat landscape Internet of Things vCISO passwords Worcester Business Journal cloud services Compliance vulnerability management Web Browser Web Application Firewall cannabis compliance Virtual CISO Gap Assessment Phishing Assessment IoT web users web server SnoopWall T-Mobile IoT security CISO cannabis security iPhone software updates Web Storage GDPR meetup Armis 10 Things I Know InfoSec at Your Services Meetup Tablets Government Compliance Regulations HIPAA BrightTalk InfoSec at Your Services MassBay Community College phishing attacks General Data Protection Regulation (GDPR) AlienVault Apple Encryption Microsoft Varonis Android Mac Equifax ID Theft European General Data Protection Regulation (GDPR) OWASP iOS NIST IT Infrastructure NetworkWorld cannabis Middlesex Savings Bank Massachusetts Linkedin DROWN internal emails Cybersecurity Framework Cryptolocker Heartbleed medical marijuana Third-party Vendor ISSA New England email scam AT&T 2016 Outstanding Women in Business ISSA Wireless Candy Alexander CannaCare Events iOS update Breach Response Becker College Bluetooth Office Yahoo Nadir Izrael software systems PCI Verizon Banking Cannabis Enterprise Smartphone Linux Fortinet Shockwave. Internet Explorer Framingham Internet Explorer Hack RSA Gary Miliefsky Smart Home spear phishing GRC General Data Protection Regulation artificial intelligence Educate Facebook FBI Smart Device employee ISACA Open Web Application Security Project (OWASP) SSL Regulated Industries Gmail Allegro MicroSystems Risk Management Intercept X Establish Firefox Sophos Intercept X Cyber Security Leader for 2016 CEO password protection Center for Internet Security (CIS) password AMG CDW infected phone Wearables Community Involvement 4E Methodology cisco vulnerability scanning WannaCry Wi-Fi Windows bot-infected Botnet Boston Security BSides Boston 2016 infected computer botnets Outlook Budget Cache BSides Boston Outstanding Women in Business Breach Prevention Amazon Information Security Summit 2016 cybersecurity trends CyberSN #WBJITFORUM Towerwall in the News Training Mass Bay Community College Darktrace Ltd scammers hackings Information Systems Security Association (ISSA) Data breaches Cyber Security Leader 2016 Information Security Summit 2017 Twitter medical cannabis two-factor authentification PhishMe CryptoWall v3 Twinstate Cyber Defense Magazine Cyber Security Career Lifecycle ( CSCL ) Cyber Security Michael Lyons Scaled Agile Framework for Enterprise (SAFe) Practitioner Scholarship sandbox secure configurations Secure Building Science and Technology Tagged With: cannabis compliance Ponemon Institute Data Breach point-of-sale breach Pinterest PIE Ponemon Institute Alien Vault Pot Compliance Portables phishing attack Penetration Tests OSSEC open-source software Patch patch management Penalties PayPal pot dispensaries Private Browsing ransomware-as-a-service Ransomware Protection quid pro quo Red Team Exercises RFID credit cards Safari routers Qualys Pwn2Own Project Management Professional private sector protected health information (PHI) Pseudonymization Public Wi-Fi public sector SamSam attack Sony trends TrendMicro Trend Mico Town Hall Trends to Watch for in 2018 U.S. Department of Health Unsecured Wi-Fi Unix Uniforms Unified Security Management (USM) Towerwall Security Alert Top Computer Security Blogs 2016 third party applications The Hawaii Dispensary Alliance Texas tED Magazine Third Party Outsourcing third-party partners TLS Title II of the Communications Act Threat Intelligence third-party social media plug-ins Unstructured Data UPnP Wireless Access Control Wikipedia whitepaper Whitelist Worcester Business Journal's IT Forum WordPress Zero-day malware zero-day Year in Review Xerox Corporation white market #summitbuzz18 USM User behavior analytics (UBA) user behavior analytics USB Veeam Virus web application security vulnerability VPN Vormetric TechTarget TCG Network Services small and midsize businesses SIMDA botnet Silicon Review SHI small to medium size enterprises (SMEs) smart fridge Snort Smith & Wesson smart-connected smart TV Shellshock. Bash bug SHA1 3D Printing Add-ons Security Operations Center Security Awareness Training Program 2019 2018 Settings Securonix 2017 Community Leadership Breakfast 2017 Power 30 Solution Providers Social Engineering Social Security Number SuperCom Subject Access Request (SAR) Stealthbits State regulations switches Syria TCG Tax Targeted Cyberattack Target Starbucks SSLv2 server SOX Sophos SafeGuard Encryption 8 20 Critical Security Controls software bugs SPAM spambots SSLv2 SQL injection Special Publication 800-53 Spear phishing emails security assumptions KISSmetrics darwin defense ata protection officer darwin Darkode dark web data collection Data Loss Prevention (DLP) data storage data recovery plan data recovery capability Data Protection Officer Dallas cybersecurity professionals Cyber Security education cyber defense CYBER Cumberland County College's 2017 Business Leaders' Summit Auditing Wireless Networks Cyberattack ATM auditing cybercrime cyberattacks database systems DDoS attacks EDR eBook Series ebook eBay EMV credit cards endpoint detection ETag Enforce endpoint visibility Endpoint Protection Drug Policy Alliance DROWN vulnerability device-to-device communications device management Department of Consumer Affairs Deidre Diamond DevOps disaster recovery DRIDEX botnet Dr. David Podell DPO DOM CTO CSF certificates Certified Business Continuity Professional Center for Internet Security CCPA Cash Certified Web Application Penetration Tester CES China hack Chief Security Officer Channel Partners CFO case study canna care boundary defense boston voyager BlueBorne Big Switch breach Bro California Consumer Privacy Act (CCPA) Bash business security Bugcrowd Chrome CIA CPEs Counterintelligence Program COSO Cube Corporate Security authentication CreditDonkey CryptoWall CRNtv Critical Security Controls (CSC) Critical Security Controls Cookies continuous data protection (CDP) CIS Controls 17 CIS Controls 16 CIS Controls CIO cloud phishing CNBC Conficker Conference Compliance and Regulations Community Leadership EU Data Protection EU legislation KrebsonSecurity Legal weed Known vulnerabilities Kmart behavior analytics lingo LogRhythem Malicious software machine learning Mac OSX LSO Kismet Juniper Netwroks ISSA International Conference ISSA International Awards Interwork #brainbabe ISSA New England Chapter Meeting IT departments Juniper Java ito IT Support Appliance Analysts malwarebytes National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Anti-Phishing Working Group (APWG) mobile malware National Security Agency (NSA) Near-Term ROI Open DLP Offensive Security NIST Cybersecurity Framework (CSF) NFC AOL Mobile Device Security Analyst MassBay Mass Department of Public Health Mary Shia Mark Zuckerberg’ MetroWest Apple Pay MJ Freeway Misconfigurations military Microsoft NERD Infraguard InfoSec at your Service GDPR Fines Gartner FTG FREAK GHOST Gift Cards Google Wallet Google GNU Bash Remote Code Execution Vulnerability Gigamon Framework APT FCC Evaluate European Union European Data Protection Board (EDPB) Fingerprinting firewalls Fox 25 Foundation for MetroWest Forbes Flash Cookies GovConnection April Fools independent testing Incident Response and Management Imperva IE appsec application testing INFOSEC Assessment Methodology Information Systems Security Association Application Software Security Information Security Summit Scholarship identification IAST HIDS Health Insurance Portability & Accountability Act haveibeenpwned.com hacking high-profile data breaches Host-based intrusion detection systems human error encryption HTTPS HTTP HTML Open Source

Show Less

Categories

Tags