Collaborate Disseminate
If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring fil… Continue reading What Is Integrity Management?
For the better part of a decade, I have spent a good amount of time analyzing security and compliance frameworks. There is beauty to be found in every one of them. Some are very high level and leave the organization to interpret how to implement the va… Continue reading Mapping the ATT&CK Framework to CIS Controls
A provider of HR software said that a malware infection might have exposed user data including personal and account information. According to a statement posted on its website, PageUp observed unusual activity on its IT infrastructure and subsequently … Continue reading HR Software Provider Says Malware Infection Might Have Exposed User Data
The latest revision to PCI DSS, PCI 3.2, provides specific security guidance on the handling, processing, transmitting and storing of credit card data. PCI 3.2 presents an opportunity for retail, healthcare, finance and hospitality organizations to min… Continue reading 3 Key Challenges To Being PCI 3.2 Compliant and How To Resolve Them
Today, I will be going over Control 14 from version 7 of the CIS top 20 Critical Security Controls – Controlled Access Based on the Need to Know. I will go through the nine requirements and offer my thoughts on what I’ve found. Key Takeaway… Continue reading 20 Critical Security Controls: Control 14 – Controlled Access Based on the Need to Know
The benefits of a capable and properly deployed File Integrity Monitoring (FIM) solution are plentiful: If you see unexpected or unexplained file changes, you can investigate immediately and resolve the issue quickly if your system has been compromised… Continue reading The Five Stages of File Integrity Monitoring (FIM)
In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures lo… Continue reading 4 Security Controls Keeping Up with the Evolution of IT Environments
We want more of the CIA Triad. No, this has nothing to do with the US government agency. It stands for “confidentiality, integrity, and availability.” What it alludes to is the idea of protecting access to privileged information (confidenti… Continue reading Foundational Controls that Assure Integrity
Enterprise networks are at risk of digital threats now more than ever. To remain competitive in the digital age, organizations frequently introduce new hardware devices and software installations to their IT environments. But these assets might suffer … Continue reading What Is Log Management?
Recently, my nine-year-old son informed me that he had observed over time how I always seem to help other people and how others always depend on me. I said to him that, in a way, he is much the same, as he is always saying ‘yes’ to doing li… Continue reading Why ‘Yes Persons’ Make Change Control a Necessity for Your Company