Articles and Insights Security Services

Deciding Between Vulnerability Scanning And Penetration Testing

By Michelle Drolet . 8 May 2014

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test … Continue reading Deciding Between Vulnerability Scanning And Penetration Testing →

Articles and Insights

Why security professionals need to get more creative with penetration testing (and how to do it)

By Michelle Drolet . 25 Apr 2014

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it) →

Data Privacy Alerts

Towerwall Heartbleed Vulnerability Alert

By Michelle Drolet . 11 Apr 2014

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert →

Articles and Insights

Why wasn’t healthcare.gov security properly tested?

By Michelle Drolet . 17 Jan 2014

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested? →

Articles and Insights Data Security Review Newsletter

Introducing our Quarterly Newsletter: the Data Security Review

By Michelle Drolet . 16 Jan 2014

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review →

Articles and Insights

Establishing Security Goals

By Michelle Drolet . 8 Jan 2014

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical … Continue reading Establishing Security Goals →

Articles and Insights Security Services

How Can you Expose Targeted Attacks and Combat APTs?

By Michelle Drolet . 15 Oct 2013

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique … Continue reading How Can you Expose Targeted Attacks and Combat APTs? →

Articles and Insights Events & Conferences

Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article

By Michelle Drolet . 7 Jun 2013

Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted: HIPAA Omnibus Rule, PPACA challenge enterprise compliance management WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the … Continue reading Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article →

Articles and Insights

10 Things to Know Before Creating BYOD Policy

By Michelle Drolet . 5 Sep 2012

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and … Continue reading 10 Things to Know Before Creating BYOD Policy →

Articles and Insights

Apple iCloud breach proves Wozniak’s point about cloud risks

By Michelle Drolet . 7 Aug 2012

In a great article by Ted Samson at InfoWorld, that not even a complex, 16-character password guarantees that your cloud-based data and devices are secure. Here is what Ted had to say: This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield “horrible problems” in coming years. By extraordinary coincidence, Wired reporter … Continue reading Apple iCloud breach proves Wozniak’s point about cloud risks →

Tags

information security tips

security software

Data Breach

network security Security Regulations Security Program Mobile Security Security Services Hackers Security Alert Cloud Security security research Data Privacy cyber-attack Security Partners Application Security Big Data Mobile Apps Mobile Devices ransomware Mobile Protection malware credit card security Fractional Chief Information Security Officer (CISO) BYOD financial security Towerwall Information Security Summit endpoint security system threat landscape penetration testing Sophos vCISO Internet of Things cloud services passwords Worcester Business Journal Michelle Drolet Webinar Compliance Web Browser vulnerability management Web Application Firewall Gap Assessment Virtual CISO cannabis compliance Phishing web users web server IoT Assessment IoT security iPhone T-Mobile cannabis security SnoopWall Government Compliance Regulations HIPAA Tablets software updates Web Storage CISO meetup 10 Things I Know InfoSec at Your Services Meetup MassBay Community College Armis phishing attacks Varonis Apple Encryption InfoSec at Your Services GDPR Microsoft AlienVault European General Data Protection Regulation (GDPR) NetworkWorld Mac Equifax IT Infrastructure General Data Protection Regulation (GDPR) Android ID Theft cannabis OWASP Cybersecurity Framework AT&T Massachusetts medical marijuana internal emails DROWN Banking Cannabis Middlesex Savings Bank iOS update software systems Linkedin ISSA Events Becker College Bluetooth ISSA New England email scam Heartbleed iOS Third-party Vendor 2016 Outstanding Women in Business Candy Alexander NIST Verizon Cryptolocker Wireless CannaCare PCI Nadir Izrael Office Yahoo FBI Community Involvement Facebook CEO Center for Internet Security (CIS) Establish Smartphone WannaCry vulnerability scanning employee Wearables PhishMe Linux scammers Enterprise Breach Prevention Firefox General Data Protection Regulation cisco Gary Miliefsky BSides Boston #WBJITFORUM Outstanding Women in Business Gmail Wi-Fi Open Web Application Security Project (OWASP) spear phishing Security BSides Boston 2016 Fortinet ISACA hackings CDW password SSL Framingham GRC Hack password protection Risk Management two-factor authentification Information Security Summit 2016 CyberSN cybersecurity trends Twitter Darktrace Ltd Michael Lyons bot-infected Twinstate CryptoWall v3 Botnet Cyber Security Leader 2016 Information Systems Security Association (ISSA) Cyber Security Career Lifecycle ( CSCL ) Cyber Security Leader for 2016 Cyber Defense Magazine botnets Information Security Summit 2017 Cache Educate Allegro MicroSystems Amazon Mass Bay Community College Internet Explorer Budget Smart Device AMG RSA Outlook Smart Home Intercept X Shockwave. Internet Explorer Boston infected phone Training artificial intelligence Towerwall in the News infected computer medical cannabis 4E Methodology Cyber Security Pinterest PIE appsec sandbox Pot Compliance application testing pot dispensaries Securonix Ransomware Protection Portables Red Team Exercises ransomware-as-a-service Private Browsing quid pro quo Pseudonymization protected health information (PHI) Project Management Professional public sector Public Wi-Fi Qualys Pwn2Own Regulated Industries RFID credit cards Application Software Security secure configurations Secure Building Appliance Analysts Security Awareness Training Program point-of-sale breach Apple Pay Security Operations Center Science and Technology Tagged With: cannabis compliance Scholarship Safari Ponemon Institute Data Breach routers SamSam attack Ponemon Institute Scaled Agile Framework for Enterprise (SAFe) Practitioner private sector AOL spambots Unstructured Data Unsecured Wi-Fi Unix Uniforms UPnP USB 3D Printing USM User behavior analytics (UBA) user behavior analytics Unified Security Management (USM) U.S. Department of Health TLS Title II of the Communications Act Add-ons Threat Intelligence Top Computer Security Blogs 2016 Towerwall Security Alert Trends to Watch for in 2018 trends TrendMicro Trend Mico Veeam 2018 #summitbuzz18 Wireless Access Control Windows Wikipedia Worcester Business Journal's IT Forum WordPress Zero-day malware zero-day Year in Review Xerox Corporation whitepaper Whitelist vulnerability VPN Vormetric Virus 2017 Power 30 Solution Providers 2017 Community Leadership Breakfast white market 20 Critical Security Controls web application security third-party social media plug-ins third-party partners Sony software bugs Social Security Number Social Engineering Alien Vault Sophos Intercept X Penetration Tests SPAM SOX Sophos SafeGuard Encryption 8 Smith & Wesson smart-connected Silicon Review SHI Shellshock. Bash bug SHA1 SIMDA botnet small and midsize businesses smart TV smart fridge small to medium size enterprises (SMEs) Spear phishing emails Special Publication 800-53 TCG Network Services TCG Tax Targeted Cyberattack TechTarget tED Magazine Third Party Outsourcing third party applications The Hawaii Dispensary Alliance Texas Target Syria Starbucks SSLv2 server SSLv2 SQL injection State regulations Stealthbits switches SuperCom Subject Access Request (SAR) Settings Malicious software Deidre Diamond DDoS attacks database systems data recovery plan Department of Consumer Affairs device management DOM disaster recovery DevOps device-to-device communications data recovery capability Data Protection Officer dark web Dallas cybersecurity professionals cybercrime Darkode darwin boston voyager Data breaches darwin defense DPO Dr. David Podell Evaluate European Union European Data Protection Board (EDPB) EU legislation FCC BlueBorne Flash Cookies firewalls Fingerprinting EU Data Protection ETag eBay Drug Policy Alliance DROWN vulnerability DRIDEX botnet ebook eBook Series Enforce Endpoint Protection EMV credit cards cyberattacks Cyberattack CIA Chrome China hack Chief Security Officer CIO CIS Controls BrightTalk CIS Controls 17 CIS Controls 16 Channel Partners CFO Cash case study canna care Bugcrowd Center for Internet Security certificates CES Certified Web Application Penetration Tester Certified Business Continuity Professional CNBC Community Leadership CTO CryptoWall Critical Security Controls (CSC) Critical Security Controls Cumberland County College's 2017 Business Leaders' Summit CYBER boundary defense Cyber Security education cyber defense CreditDonkey breach continuous data protection (CDP) Conficker Conference Compliance and Regulations Cookies Corporate Security CPEs Counterintelligence Program COSO Cube Foundation for MetroWest Fox 25 business security machine learning Mac OSX LSO auditing malwarebytes Mass Department of Public Health Mary Shia Mark Zuckerberg’ LogRhythem lingo Juniper Netwroks Juniper Java ito KISSmetrics Kmart Legal weed KrebsonSecurity Known vulnerabilities MassBay MetroWest open-source software Offensive Security NFC Near-Term ROI APT Patch Penalties PayPal patch management National Security Agency (NSA) National Institute of Standards and Technology (NIST) Misconfigurations military Microsoft NERD ATM MJ Freeway ata protection officer National Initiative for Cybersecurity Education (NICE) mobile malware Mobile Device Security Analyst IT Support IT departments haveibeenpwned.com hacking GovConnection Google Wallet Health Insurance Portability & Accountability Act HIDS HTML Host-based intrusion detection systems high-profile data breaches Google GNU Bash Remote Code Execution Vulnerability FTG FREAK Framework Big Switch behavior analytics Gartner Gigamon Gift Cards GHOST HTTP HTTPS Auditing Wireless Networks Infraguard InfoSec at your Service INFOSEC Assessment Methodology Interwork #brainbabe ISSA New England Chapter Meeting ISSA International Conference ISSA International Awards Information Systems Security Association authentication IE identification IAST human error encryption Imperva Incident Response and Management Information Security Summit Scholarship Bash independent testing April Fools

Show Less

Categories

Tags