Category Archives: Program Assessment & Compliance

Cybersecurity Policy Enforcement: Strategies for Success

Posted on by

Introduction Your organization has invested significant effort in formally documenting its approach toward cybersecurity to enhance accountability and awareness of security processes; however, operationalizing and enforcing this policy library can appear challenging. Failure to consistently enforce cybersecurity policies generally leads to a degradation of the environment, as individuals come to understand that they will not…

The post Cybersecurity Policy Enforcement: Strategies for Success appeared first on TrustedSec.

Continue reading Cybersecurity Policy Enforcement: Strategies for Success

Why Risk Assessments are Essential for Information Security Maturity

Posted on by

Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk Assessment results. Organizations without any compliance obligations will still benefit from Risk Assessment as they are a key tool for efficiently increasing Information Security maturity and, more importantly, aligning Information Security with business needs and constraints. This…

The post Why Risk Assessments are Essential for Information Security Maturity appeared first on TrustedSec.

Continue reading Why Risk Assessments are Essential for Information Security Maturity

Compliance Abuse: When Compliance Frameworks are Misapplied

Posted on by

Introduction Here at TrustedSec, we help our clients achieve and maintain compliance with a variety of Information Security and privacy frameworks. We often receive requests for compliance assistance with frameworks that don’t make sense when considering the type of organization making the request. We always seek to understand our clients’ needs before proposing an engagement,…

The post Compliance Abuse: When Compliance Frameworks are Misapplied appeared first on TrustedSec.

Continue reading Compliance Abuse: When Compliance Frameworks are Misapplied

A LAPS(e) in Judgement

Posted on by

As security practitioners, we live in a time where there is an abundance of tools and solutions to help us secure our homes, organizations, and critical data. We know the dangers of unpatched applications and devices as well as the virtues of things like password managers and encrypted databases to protect our passwords and other…

The post A LAPS(e) in Judgement appeared first on TrustedSec.

Continue reading A LAPS(e) in Judgement

Looting iOS App’s Cache.db

Posted on by

Insecure By Default Mobile application assessments diverge somewhat from normal web application assessments as there is an installed client application on a local device to go along with the backend server. Mobile applications can often work offline, and thus have a local store of data. This is commonly in the form of SQLite databases stored…

The post Looting iOS App’s Cache.db appeared first on TrustedSec.

Continue reading Looting iOS App’s Cache.db

Measuring the Impact of a Security Awareness Program

Posted on by

Our goal in building a security awareness program is to embed security into our partners’ existing organizational culture. Impacting culture is a long-term process that can take years and requires executive support. If you are tasked with managing a security awareness program, it is your job to measure and show leadership that your program is…

The post Measuring the Impact of a Security Awareness Program appeared first on TrustedSec.

Continue reading Measuring the Impact of a Security Awareness Program

Detection and Alerting: Selecting a SIEM

Posted on by

Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and application logs (including custom applications). This focuses on Security Operations and does not include the engineering side of SIEM management, e.g., licensing, hardware/cloud requirements, retention needs, etc. Each component of the…

The post Detection and Alerting: Selecting a SIEM appeared first on TrustedSec.

Continue reading Detection and Alerting: Selecting a SIEM

Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

Posted on by

One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this may already be cringing or yelling at your screen that this question on its own shouldn’t have a simple answer with little actionable value. However, when…

The post Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience appeared first on TrustedSec.

Continue reading Maturity, Effectiveness, and Risk – Security Program Building and Business Resilience

Splunk SPL Queries for Detecting gMSA Attacks

Posted on by

1    Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘golden’ opportunity. If you’re an enterprise defender, it’s something you need…

The post Splunk SPL Queries for Detecting gMSA Attacks appeared first on TrustedSec.

Continue reading Splunk SPL Queries for Detecting gMSA Attacks

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC

Posted on by

I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizations can help stop email spoofing using a combination of three…

The post Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC appeared first on TrustedSec.

Continue reading Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC