Collaborate Disseminate
The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determ… Continue reading Proactively Hardening Systems: Application and Version Hardening
Vulnerability management (VM) programs are the meat and potatoes of every comprehensive information security program. They are not optional anymore. In fact, many information security compliance, audit and risk management frameworks require organizatio… Continue reading What is Vulnerability Management Anyway?
The concept of configuration hardening has nice imagery to it. When we use it to describe battle-hardened soldiers who have been tested in combat, a grim, determined image invariably leaps to mind. The same thing happens when we speak of hardened steel… Continue reading Configuration Hardening: Proactively Guarding Systems Against Intrusion
Today, I will be going over Control 1 from version 7 of the top 20 CIS Controls – Inventory and Control of Hardware Assets. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 1 Start… Continue reading 20 Critical Security Controls – Control 1: Inventory and Control of Hardware Assets
Today, I will be going over Control 4 from version 7 of the CIS top 20 Critical Security Controls – Controlled Use of Administrative Privileges. I will go through the nine requirements and offer my thoughts on what I’ve found. Key Takeaways… Continue reading 20 Critical Security Controls: Control 4 – Controlled Use of Administrative Privileges
Today, I will be going over Control 5 from version 7 of the CIS top 20 Critical Security Controls – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. I will go through the five requirements and… Continue reading 20 Critical Security Controls: Control 5 – Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
Today, I will be going over Control 6 from version 7 of the CIS top 20 Critical Security Controls – Maintenance, Monitoring, and Analysis of Audit Logs. I will go through the eight requirements and offer my thoughts on what I’ve found. Key … Continue reading 20 Critical Security Controls: Control 6 – Maintenance, Monitoring, and Analysis of Audit Logs
Today, I will be going over Control 7 from version 7 of the CIS top 20 Critical Security Controls – Email and Web Browser Protections. I will go through the 10 requirements and offer my thoughts on what I’ve found. Key Takeaways for Control… Continue reading 20 Critical Security Controls: Control 7 – Email and Web Browser Protections
Today, I will be going over Control 8 from version 7 of the CIS top 20 Critical Security Controls – Malware Defenses. I will go through the eight requirements and offer my thoughts on what I’ve found. Key Takeaways for Control 8 Back to the… Continue reading 20 Critical Security Controls: Control 8 – Malware Defenses
Today, I will be going over Control 9 from version 7 of the CIS top 20 Critical Security Controls – Limitation and Control of Network Ports, Protocols, and Services. I will go through the five requirements and offer my thoughts on what I’ve… Continue reading 20 Critical Security Controls: Control 9 – Limitation and Control of Network Ports, Protocols, and Services