Articles and Insights Security Services

Deciding Between Vulnerability Scanning And Penetration Testing

By Michelle Drolet . 8 May 2014

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test … Continue reading Deciding Between Vulnerability Scanning And Penetration Testing →

Articles and Insights

Why security professionals need to get more creative with penetration testing (and how to do it)

By Michelle Drolet . 25 Apr 2014

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it) →

Data Privacy Alerts

Towerwall Heartbleed Vulnerability Alert

By Michelle Drolet . 11 Apr 2014

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert →

Articles and Insights

Why wasn’t healthcare.gov security properly tested?

By Michelle Drolet . 17 Jan 2014

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested? →

Articles and Insights Data Security Review Newsletter

Introducing our Quarterly Newsletter: the Data Security Review

By Michelle Drolet . 16 Jan 2014

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review →

Articles and Insights

Establishing Security Goals

By Michelle Drolet . 8 Jan 2014

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical … Continue reading Establishing Security Goals →

Articles and Insights Security Services

How Can you Expose Targeted Attacks and Combat APTs?

By Michelle Drolet . 15 Oct 2013

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique … Continue reading How Can you Expose Targeted Attacks and Combat APTs? →

Articles and Insights Events & Conferences

Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article

By Michelle Drolet . 7 Jun 2013

Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted: HIPAA Omnibus Rule, PPACA challenge enterprise compliance management WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the … Continue reading Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article →

Articles and Insights

10 Things to Know Before Creating BYOD Policy

By Michelle Drolet . 5 Sep 2012

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and … Continue reading 10 Things to Know Before Creating BYOD Policy →

Articles and Insights

Apple iCloud breach proves Wozniak’s point about cloud risks

By Michelle Drolet . 7 Aug 2012

In a great article by Ted Samson at InfoWorld, that not even a complex, 16-character password guarantees that your cloud-based data and devices are secure. Here is what Ted had to say: This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield “horrible problems” in coming years. By extraordinary coincidence, Wired reporter … Continue reading Apple iCloud breach proves Wozniak’s point about cloud risks →

Tags

information security tips

Data Breach

security software

Security Regulations Security Program network security Mobile Security Security Services Hackers Security Alert Cloud Security security research Data Privacy cyber-attack Security Partners Application Security Big Data Mobile Apps Mobile Devices ransomware Mobile Protection malware credit card security Fractional Chief Information Security Officer (CISO) Michelle Drolet financial security BYOD Towerwall penetration testing Information Security Summit Internet of Things endpoint security system Webinar Sophos threat landscape vCISO passwords Worcester Business Journal cloud services Compliance vulnerability management Web Browser Virtual CISO cannabis compliance Web Application Firewall Gap Assessment Phishing web users web server Assessment IoT T-Mobile iPhone cannabis security IoT security SnoopWall HIPAA Web Storage Government Compliance Regulations Tablets software updates 10 Things I Know GDPR meetup Armis InfoSec at Your Services Meetup CISO MassBay Community College phishing attacks InfoSec at Your Services Microsoft Varonis Apple Android General Data Protection Regulation (GDPR) AlienVault BrightTalk Encryption European General Data Protection Regulation (GDPR) ID Theft Equifax IT Infrastructure OWASP Mac NetworkWorld iOS cannabis Linkedin Cybersecurity Framework AT&T Becker College DROWN 2016 Outstanding Women in Business medical marijuana ISSA New England Breach Response Heartbleed internal emails Candy Alexander CannaCare iOS update Verizon ISSA software systems Cryptolocker Massachusetts NIST Wireless Third-party Vendor Yahoo Nadir Izrael Bluetooth Events Middlesex Savings Bank PCI Office Banking Cannabis email scam FBI AMG Smart Home infected computer infected phone Facebook Smart Device Firefox Smartphone hackings General Data Protection Regulation Information Security Summit 2016 SSL Center for Internet Security (CIS) Gary Miliefsky spear phishing Gmail Hack Sophos Intercept X GRC Fortinet Framingham CEO ISACA botnets Botnet cisco Michael Lyons Breach Prevention medical cannabis bot-infected Boston password password protection PhishMe Outstanding Women in Business Open Web Application Security Project (OWASP) Outlook Mass Bay Community College Regulated Industries Cache Budget Internet Explorer Intercept X Shockwave. Internet Explorer Information Systems Security Association (ISSA) Establish artificial intelligence RSA Risk Management Linux scammers BSides Boston Security BSides Boston 2016 Information Security Summit 2017 CDW employee Cyber Security Leader for 2016 Cyber Security Leader 2016 Windows Amazon two-factor authentification Cyber Defense Magazine Educate Wearables Towerwall in the News Allegro MicroSystems Wi-Fi vulnerability scanning WannaCry Training #WBJITFORUM cybersecurity trends Community Involvement Darktrace Ltd 4E Methodology Enterprise CyberSN Twinstate Cyber Security Data breaches Twitter Cyber Security Career Lifecycle ( CSCL ) CryptoWall v3 2018 RFID credit cards Red Team Exercises ransomware-as-a-service Safari routers 3D Printing Security Operations Center vulnerability Security Awareness Training Program ATM VPN Vormetric ata protection officer security assumptions auditing Scholarship Scaled Agile Framework for Enterprise (SAFe) Practitioner sandbox Science and Technology Tagged With: cannabis compliance Secure Building Auditing Wireless Networks secure configurations SamSam attack 20 Critical Security Controls point-of-sale breach #summitbuzz18 Pinterest Ponemon Institute Wireless Access Control Pot Compliance Portables Ponemon Institute Data Breach PIE Worcester Business Journal's IT Forum Bash Penetration Tests Zero-day malware phishing attack zero-day WordPress Xerox Corporation Year in Review Wikipedia pot dispensaries quid pro quo Qualys Pwn2Own APT 2017 Community Leadership Breakfast 2017 Power 30 Solution Providers Ransomware Protection authentication Public Wi-Fi white market Project Management Professional private sector Private Browsing whitepaper protected health information (PHI) public sector Whitelist Pseudonymization web application security application testing Top Computer Security Blogs 2016 SQL injection Special Publication 800-53 TLS Title II of the Communications Act Starbucks SSLv2 server SSLv2 Spear phishing emails Towerwall Security Alert Trend Mico TrendMicro Apple Pay Town Hall Sophos SafeGuard Encryption 8 spambots SPAM SOX State regulations Stealthbits Tax Targeted Cyberattack third party applications TCG TCG Network Services Texas tED Magazine TechTarget Third Party Outsourcing third-party partners switches SuperCom Subject Access Request (SAR) Syria Threat Intelligence Target third-party social media plug-ins AOL trends Sony SHI Shellshock. Bash bug User behavior analytics (UBA) user behavior analytics USB UPnP SIMDA botnet Silicon Review SHA1 Settings Veeam appsec April Fools The Hawaii Dispensary Alliance Securonix USM Alien Vault Add-ons Unstructured Data Unsecured Wi-Fi Snort Application Software Security Smith & Wesson Social Engineering Social Security Number Appliance Analysts Trends to Watch for in 2018 software bugs smart-connected smart TV Unified Security Management (USM) Uniforms Unix small and midsize businesses small to medium size enterprises (SMEs) smart fridge U.S. Department of Health Virus boundary defense ebook eBay Drug Policy Alliance DROWN vulnerability eBook Series EDR Endpoint Protection endpoint detection Channel Partners EMV credit cards DRIDEX botnet Dr. David Podell device management Department of Consumer Affairs Deidre Diamond DDoS attacks device-to-device communications DevOps DPO DOM disaster recovery CFO endpoint visibility Foundation for MetroWest Flash Cookies firewalls Fingerprinting Fox 25 certificates Gartner FTG FREAK Framework Certified Business Continuity Professional FCC EU Data Protection ETag CES Enforce EU legislation European Data Protection Board (EDPB) Evaluate European Union Certified Web Application Penetration Tester database systems data storage Critical Security Controls CreditDonkey CIS Controls 16 CPEs Critical Security Controls (CSC) CRNtv CYBER Cumberland County College's 2017 Business Leaders' Summit CTO CryptoWall Counterintelligence Program COSO Cube Compliance and Regulations CIS Controls 17 Community Leadership CNBC Conference Conficker Corporate Security Cookies continuous data protection (CDP) cyber defense Cyber Security education Data Loss Prevention (DLP) data collection Chrome darwin defense China hack Data Protection Officer Chief Security Officer data recovery plan data recovery capability darwin Darkode cybercrime cyberattacks Cyberattack CIS Controls CIO CIA dark web Dallas cybersecurity professionals GDPR Fines Center for Internet Security malwarebytes Malicious software machine learning Mac OSX Mark Zuckerberg’ Mary Shia MetroWest breach MassBay Mass Department of Public Health Bro LSO Kmart KISSmetrics Kismet Juniper Netwroks Known vulnerabilities KrebsonSecurity LogRhythem lingo Legal weed Microsoft NERD military open-source software Open Source Open DLP Offensive Security OSSEC Big Switch PayPal patch management Patch behavior analytics NFC BlueBorne mobile malware Mobile Device Security Analyst MJ Freeway Misconfigurations boston voyager National Initiative for Cybersecurity Education (NICE) Near-Term ROI National Security Agency (NSA) National Institute of Standards and Technology (NIST) Juniper Java Host-based intrusion detection systems Cash high-profile data breaches HIDS HTML HTTP case study IAST human error encryption HTTPS Health Insurance Portability & Accountability Act haveibeenpwned.com GNU Bash Remote Code Execution Vulnerability Gigamon Gift Cards GHOST Google Google Wallet hacking CCPA GovConnection identification IE ISSA International Awards Bugcrowd business security #brainbabe ISSA International Conference ISSA New England Chapter Meeting ito IT Support IT departments Interwork Infraguard Information Security Summit Scholarship independent testing Incident Response and Management Imperva canna care Information Systems Security Association California Consumer Privacy Act (CCPA) InfoSec at your Service INFOSEC Assessment Methodology Penalties

Show Less

Categories

Tags