Business Risk Assessment – Page 2

How I Retained My QSA Certification

Posted on January 21, 2021 by Amanda Mates

In 2019, the Payment Card Industry (PCI) Security Standards Council (SSC) modified the Qualification Requirements for Qualified Security Assessor (QSA) employees. Prior to the modification, the requirements stipulated that QSA employees must hold either an Information Security certification or an audit certification, but now QSA employees must have a minimum of two (2) industry certifications:…

The post How I Retained My QSA Certification appeared first on TrustedSec.

Continue reading How I Retained My QSA Certification→

Making EDR Work for PCI

Posted on September 10, 2020 by Amanda Mates

The Endpoint Detection & Response (EDR) and Advanced Threat Protection (ATP) marketplace is abuzz with products that blur the lines of personal firewall, host-based intrusion detection system (IDS) and intrusion prevention system (IPS), anti-virus, system logging, and file integrity monitoring (FIM). These solutions are centrally managed from your web browser and include advanced dashboards for…

The post Making EDR Work for PCI appeared first on TrustedSec.

Continue reading Making EDR Work for PCI→

Want Better Alerting? Consider Your Business Processes

Posted on May 19, 2020 by Nathan Noll

Logging, monitoring, and alerting programs are some of the most critical elements of any security and compliance program, but traditional approaches for implementing and upgrading these capabilities are often noisy, expensive, and laborious. Traditional Alerting Approaches are Failing During program assessments, we find that a lot of clients are generating so many alerts that they…

The post Want Better Alerting? Consider Your Business Processes appeared first on TrustedSec.

Continue reading Want Better Alerting? Consider Your Business Processes→

Vendor Enablement: Rethinking Third-Party Risk

Posted on April 30, 2020 by Nathan Noll

Third-party risk management is an essential element of information security. It is common to see news about a large company being breached, and after learning more, you find out the breach was the result of a vendor. When you depend on another organization for a critical business process and allow them access to your network,…

The post Vendor Enablement: Rethinking Third-Party Risk appeared first on TrustedSec.

Continue reading Vendor Enablement: Rethinking Third-Party Risk→

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Posted on March 25, 2020 by Nathan Noll

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (similar to a castle…

The post Securing a Remote Workforce: Top Five Things to Focus on For Everyone appeared first on TrustedSec.

Continue reading Securing a Remote Workforce: Top Five Things to Focus on For Everyone→

Crossover Sec: Breaking Down the Silos

Posted on March 24, 2020 by Amanda Mates

People who know me well, or who saw the Derbycon 6 talk I gave with Adam Hogan, “Adaptation of the Security Sub-Culture,” know of my non-InfoSec hobby and history of playing in loud bands that recorded and toured across the U.S. and Canada, mostly in the 90s. It was music in the 80s that had…

The post Crossover Sec: Breaking Down the Silos appeared first on TrustedSec.

Continue reading Crossover Sec: Breaking Down the Silos→

Why We Are Launching the TrustedSec Sysmon Community Guide

Posted on February 6, 2020 by Nathan Noll

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the…

The post Why We Are Launching the TrustedSec Sysmon Community Guide appeared first on TrustedSec.

Continue reading Why We Are Launching the TrustedSec Sysmon Community Guide→

The Three Step Security Strategy

Posted on October 8, 2019 by Nathan Noll

Why Does Strategy Matter? The term ‘security strategy’ can be ambiguous and often means different things to different people. Because of this, many organizations do not have a formalized security strategy and those that do may not have an effective one. This is understandable. Managing the day-to-day issues associated with a security program (alerts, audits,…

The post The Three Step Security Strategy appeared first on TrustedSec.

Continue reading The Three Step Security Strategy→

Attacks on the Rise Through Office 365

Posted on September 17, 2019 by Nathan Noll

Office 365 is the most popular line of digital services for businesses for a reason, but when it comes to cyberattacks, its ubiquity is creating challenges. If it seems like every week there’s a new headline about a large-scale hacking incident, it’s not a case of rampant fake news. According to the 2018 Symantec Internet Security…

The post Attacks on the Rise Through Office 365 appeared first on TrustedSec.

Continue reading Attacks on the Rise Through Office 365→