Collaborate Disseminate
In $SomeCorpo there is a policy that passwords must never be stored anywhere else except employees’ heads. Paper notes, password managers, storing passwords in browsers, etc, are all forbidden. To facilitate this they are even willing to r… Continue reading Does the recommendation to use password managers also apply to corporate environments?
Current Threat Intelligence leads me to believe, that Senior Management of my company could be targeted by Threat Actors like APT28.
Threats I am concerned about are – listed by priority:
Information gathering
Corporate Espionage
Disrupti… Continue reading Which security measures are reasonable for senior management in a Fortune 500 company if nation state threat actors like APT28 become a concern?
This question (How safe are employee laptops in China against International corporate espionage?) got me thinking – what is the proper way to go on a business trip to China and protect your laptop. What are best practices and no-gos?
Is it… Continue reading How to properly protect company laptop on a business trip to China [duplicate]
The team is trying to decide which SSL implementation should be used in a specific embedded device. The device should be FIPS 140-3 certified. A part of the team wants to buy the license for the Mocana implementation because they worked wi… Continue reading Is there any advantage of using Mocana SSL library vs openSSL?
The ISO27001 standard requires many policies and procedures which have to be reviewed on regular basis. I have seen Sharepoint and simple network shares being used to manage policies and procedures, but I am looking for a better way that g… Continue reading How to manage ISMS policies and documentation [closed]
We have a set of ISMS documents like master security policy, supplier relations etc. classified as INTERNAL according to data classification policy.
Now a potential customers infosec department is requiring a copy of all our policies sent … Continue reading Sharing internal security policies with potential customers?
Sometime ago I was told by our cyber department that Telegram desktop app is not "safe" as it allows silent installation of programs (first I heard about it, and they could not back it by anything). Which makes me think they are … Continue reading Difference between the telegram (win1) desktop app and web interface when it is "managed by your organization"?
I’ve been reading about security classifications, and have a fundamental question I can’t seem to find an answer to. Why does the designation Sensitive But Unclassified (SBU) exist? Why not just classify it?
I can guess it may have to do… Continue reading What is the reason for Sensitive But Unclassified (SBU)?
Or Windows 11 pre-release, just cause I’m curious?
(By employees if that wasn’t implicit.)
Continue reading Is Windows 10 Insider Build usable within SOC 2 compliance?
Background
I’ve recently joined a rapidly growing small business (from 4 to 20 people in last 12 months) with a very DIY IT setup. It’s fallen to me (I’m a developer so I just happen to be sitting nearest IT world…) to improve their secu… Continue reading Cyber Essentials at a small business (20 employees) that keeps all business data within SaaS