Why Risk Assessments are Essential for Information Security Maturity

Introduction

Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk Assessment results. Organizations without any compliance obligations will still benefit from Risk Assessment as they are a key tool for efficiently increasing Information Security maturity and, more importantly, aligning Information Security with business needs and constraints. This…

The post Why Risk Assessments are Essential for Information Security Maturity appeared first on TrustedSec.

Cisco Hackery: TcL Proxy

Since moving to an offensive security role, I have always wanted to use SSH port forwarding through a Cisco router during a Penetration Test. However, the SSH implementation on a Cisco device does not provide the ability to customize the sshd_config file permitting port forwarding. Although there is the possibility of leveraging network address translation…

The First Steps on the Zero Trust Journey

One of the most discussed concepts in the Information Security world in recent history has been Zero Trust. Although many vendors claim to have products for implementing Zero Trust, an organization must not view them as an instant solution to achieving Zero Trust. Zero Trust should be viewed as a philosophy comprised of many controls…

The Crucial Role of Data Center Resiliency in Business Security

For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday responsibilities of the IT or Security departments, they are crucial to systems availability and to the ongoing operations of the business. Having a full understanding of the capacity and capabilities of…

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

Real or Fake? How to Spoof Email

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and…

Reducing Merchant Scope to Ease the Compliance Burden

Merchants should spend more time doing what they are good at—i.e., selling and merchandising—versus trying to keep up with validating and maintaining PCI compliance. How can this be accomplished? Using either an end-to-end encryption (E2EE) or point-to-point encryption (P2PE) solution for each point-of-sale (POS) system eliminates some of the complex hoops that merchants are required…

The Backup Paradigm Shift: Moving Toward Attack Response Systems

Black Hawk Down

I’m guessing a lot of us in the IT and Security space have experienced the gut-wrenching feeling of not receiving that ICMP ping reply you were expecting from a production system, be it a firewall, switch, or server. Was there a recent configuration change that happened prior to the last reboot?…

Companies on High Alert for Unemployment Fraud

Proactive Measures to Thwart Unemployment Fraud

In the past few months, the TrustedSec Incident Response team has responded to several incidents of unemployment benefit fraud. Due to the pandemic and nationwide lockdowns, there has been an extremely high volume of unemployment claims submitted across the United States, and with greater instances of fraud making it difficult…

Yes, It’s Time for a Security Gap Assessment

For many organizations, rapidly implementing work-from-home initiatives over the past year due to the COVID-19 pandemic required quickly rolling out new processes and deploying new technologies without adequate time for attention to Information Security standards. Perhaps your company recently acquired a new line of business, and you want to make sure the integration won’t adversely…
