Articles and Insights Security Services

Deciding Between Vulnerability Scanning And Penetration Testing

By Michelle Drolet . 8 May 2014

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test … Continue reading Deciding Between Vulnerability Scanning And Penetration Testing →

Articles and Insights

Why security professionals need to get more creative with penetration testing (and how to do it)

By Michelle Drolet . 25 Apr 2014

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it) →

Data Privacy Alerts

Towerwall Heartbleed Vulnerability Alert

By Michelle Drolet . 11 Apr 2014

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert →

Articles and Insights

Why wasn’t healthcare.gov security properly tested?

By Michelle Drolet . 17 Jan 2014

When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested? →

Articles and Insights Data Security Review Newsletter

Introducing our Quarterly Newsletter: the Data Security Review

By Michelle Drolet . 16 Jan 2014

I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review →

Articles and Insights

Establishing Security Goals

By Michelle Drolet . 8 Jan 2014

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are: Put information security and its importance into the forefront of your staff’s minds. Spread information security policy and awareness throughout corporate ranks. Build security awareness into the technical … Continue reading Establishing Security Goals →

Articles and Insights Security Services

How Can you Expose Targeted Attacks and Combat APTs?

By Michelle Drolet . 15 Oct 2013

Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing. The risk is that security is breached, typically through manipulation of employees using a technique … Continue reading How Can you Expose Targeted Attacks and Combat APTs? →

Articles and Insights Events & Conferences

Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article

By Michelle Drolet . 7 Jun 2013

Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted: HIPAA Omnibus Rule, PPACA challenge enterprise compliance management WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the … Continue reading Towerwall and the Information Security Summit highlighted in SearchSecurity.com Article →

Articles and Insights

10 Things to Know Before Creating BYOD Policy

By Michelle Drolet . 5 Sep 2012

In recent years, the work place has become more mobile than ever, and the mobile worker revolution is, in large part, the reason for the rise in Bring Your Own Device (BYOD) policies. The big idea is that through the use of cloud computing-based collaboration platforms, enterprise-class companies can save a great deal of money in IT, security and … Continue reading 10 Things to Know Before Creating BYOD Policy →

Articles and Insights

Apple iCloud breach proves Wozniak’s point about cloud risks

By Michelle Drolet . 7 Aug 2012

In a great article by Ted Samson at InfoWorld, that not even a complex, 16-character password guarantees that your cloud-based data and devices are secure. Here is what Ted had to say: This past weekend, Apple co-founder Steve Wozniak predicted that cloud computing would yield “horrible problems” in coming years. By extraordinary coincidence, Wired reporter … Continue reading Apple iCloud breach proves Wozniak’s point about cloud risks →

Tags

information security tips

security software

Data Breach

network security Security Regulations Security Program Mobile Security Security Services Hackers Security Alert Cloud Security security research Data Privacy cyber-attack Security Partners Application Security Big Data Mobile Apps Mobile Devices ransomware Mobile Protection malware credit card security Fractional Chief Information Security Officer (CISO) BYOD financial security Towerwall Information Security Summit endpoint security system threat landscape penetration testing Sophos Internet of Things cloud services passwords vCISO Worcester Business Journal Michelle Drolet Compliance vulnerability management Web Browser Web Application Firewall Virtual CISO Gap Assessment Webinar Assessment cannabis compliance web server web users Phishing cannabis security iPhone T-Mobile SnoopWall HIPAA CISO software updates Web Storage Tablets Government Compliance Regulations IoT IoT security InfoSec at Your Services Meetup phishing attacks meetup MassBay Community College 10 Things I Know Varonis Apple Encryption AlienVault Microsoft InfoSec at Your Services Android ID Theft Equifax cannabis Mac GDPR Armis NetworkWorld IT Infrastructure OWASP Banking Cannabis iOS Linkedin Bluetooth General Data Protection Regulation (GDPR) Wireless AT&T Candy Alexander Middlesex Savings Bank PCI Third-party Vendor Massachusetts internal emails email scam DROWN medical marijuana Becker College Events Yahoo iOS update Cybersecurity Framework Cryptolocker 2016 Outstanding Women in Business Heartbleed CannaCare NIST Verizon software systems Office European General Data Protection Regulation (GDPR) ISACA Facebook ISSA Breach Prevention FBI Boston scammers infected phone Enterprise BSides Boston infected computer Smartphone Establish Smart Device Information Systems Security Association (ISSA) Intercept X Shockwave. Internet Explorer Linux spear phishing Gmail ISSA New England AMG Amazon botnets hackings Botnet Hack GRC Smart Home General Data Protection Regulation bot-infected Fortinet Information Security Summit 2017 Allegro MicroSystems Framingham Security BSides Boston 2016 Gary Miliefsky SSL Information Security Summit 2016 Firefox Mass Bay Community College cybersecurity trends CyberSN #WBJITFORUM Cache Community Involvement Outlook Outstanding Women in Business artificial intelligence cisco Darktrace Ltd CDW Nadir Izrael Open Web Application Security Project (OWASP) Cyber Security Cyber Defense Magazine vulnerability scanning CryptoWall v3 Cyber Security Career Lifecycle ( CSCL ) 4E Methodology Wearables WannaCry Cyber Security Leader for 2016 Cyber Security Leader 2016 password Wi-Fi Towerwall in the News CEO Michael Lyons Internet Explorer password protection PhishMe RSA Risk Management Training Educate two-factor authentification Center for Internet Security (CIS) employee Twitter Twinstate medical cannabis Budget PIE AOL Securonix Portables SHA1 Ponemon Institute pot dispensaries Ponemon Institute Data Breach point-of-sale breach Shellshock. Bash bug Pot Compliance SHI Settings Pinterest Application Software Security Red Team Exercises secure configurations ransomware-as-a-service Ransomware Protection Security Awareness Training Program APT RFID credit cards Secure Building sandbox SamSam attack routers Scaled Agile Framework for Enterprise (SAFe) Practitioner Science and Technology Tagged With: cannabis compliance Scholarship quid pro quo Security Operations Center Appliance Analysts Safari Apple Pay protected health information (PHI) private sector Project Management Professional public sector Public Wi-Fi Qualys April Fools Pwn2Own appsec application testing Private Browsing Spear phishing emails USB UPnP Unstructured Data Unsecured Wi-Fi user behavior analytics User behavior analytics (UBA) 3D Printing Veeam USM Unix Uniforms Trend Mico Towerwall Security Alert Add-ons Top Computer Security Blogs 2016 TrendMicro trends Unified Security Management (USM) U.S. Department of Health Trends to Watch for in 2018 Virus Vormetric Worcester Business Journal's IT Forum #summitbuzz18 Wireless Access Control Windows WordPress Xerox Corporation Zero-day malware zero-day Year in Review Wikipedia whitepaper 2017 Power 30 Solution Providers 2018 vulnerability VPN web application security 2017 Community Leadership Breakfast Whitelist white market 20 Critical Security Controls TLS Title II of the Communications Act SPAM SOX Sophos SafeGuard Encryption 8 Sophos Intercept X spambots Special Publication 800-53 SSLv2 server SSLv2 SQL injection Sony software bugs smart fridge small to medium size enterprises (SMEs) small and midsize businesses SIMDA botnet smart TV smart-connected Social Security Number Social Engineering Smith & Wesson Starbucks State regulations third party applications The Hawaii Dispensary Alliance Texas tED Magazine Third Party Outsourcing third-party partners Alien Vault Threat Intelligence third-party social media plug-ins TechTarget TCG Network Services switches SuperCom Stealthbits Syria Target TCG Tax Targeted Cyberattack Silicon Review Mass Department of Public Health disaster recovery DevOps device-to-device communications device management DOM DPO DROWN vulnerability DRIDEX botnet Dr. David Podell Department of Consumer Affairs Deidre Diamond Data breaches business security darwin defense darwin Bugcrowd data recovery capability DDoS attacks database systems data recovery plan Drug Policy Alliance eBay firewalls Fingerprinting FCC Evaluate Flash Cookies Foundation for MetroWest Framework breach Fox 25 European Union European Data Protection Board (EDPB) EMV credit cards eBook Series ebook Endpoint Protection Enforce EU legislation EU Data Protection ETag Darkode dark web Cash CIS Controls 17 CIS Controls 16 CIS Controls case study CNBC Conference Compliance and Regulations Community Leadership CIO CIA CES Certified Web Application Penetration Tester Certified Business Continuity Professional certificates CFO Channel Partners Chrome China hack Chief Security Officer Conficker continuous data protection (CDP) canna care Cyber Security education cyber defense CYBER Cyberattack cyberattacks Dallas cybersecurity professionals cybercrime Cumberland County College's 2017 Business Leaders' Summit CTO COSO Cube Corporate Security Cookies Counterintelligence Program CreditDonkey CryptoWall Critical Security Controls (CSC) Critical Security Controls FREAK FTG Mary Shia Mark Zuckerberg’ malwarebytes behavior analytics Center for Internet Security MassBay military Microsoft NERD MetroWest Malicious software machine learning KrebsonSecurity Known vulnerabilities Kmart KISSmetrics Legal weed lingo Mac OSX LSO LogRhythem Misconfigurations MJ Freeway ATM open-source software Offensive Security NFC Patch patch management ata protection officer Penalties PayPal auditing Near-Term ROI mobile malware Mobile Device Security Analyst Bash authentication Auditing Wireless Networks National Security Agency (NSA) National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) Juniper Netwroks Juniper Host-based intrusion detection systems high-profile data breaches HIDS Health Insurance Portability & Accountability Act HTML HTTP IAST human error encryption HTTPS haveibeenpwned.com hacking Gift Cards GHOST Gartner boundary defense Gigamon GNU Bash Remote Code Execution Vulnerability GovConnection Google Wallet Google identification IE ISSA International Awards Big Switch #brainbabe Interwork ISSA International Conference IT departments Java ito IT Support BlueBorne Infraguard independent testing Incident Response and Management Imperva boston voyager Information Security Summit Scholarship InfoSec at your Service INFOSEC Assessment Methodology Information Systems Security Association Penetration Tests

Show Less

Categories

Tags