CISO August 8, 2022

Everything CISOs Need to Know About NIST

4 min read - It’s never been harder to be a chief information security officer (CISO). In 2021, there were 50% more attacks each week compared to 2020. Without a plan, maintaining a robust security posture is an uphill struggle.  Thankfully, the National Institute…

Intelligence & Analytics May 10, 2022

MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

6 min read - The MITRE ATT&CK threat framework is seemingly everywhere these days, and with good reason. It is an invaluable tool for understanding the various methods, or as MITRE refers to them Tactics and Techniques, employed by threat actors. It offers annotated…

Incident Response December 13, 2021

A Journey in Organizational Resilience: Geopolitical and Socio-Economic Trends and Threats

3 min read - The last stop on our organizational resilience journey touches one of the issues organizations have the least control over: geopolitical and socio-economic trends and threats. However, they can be some of the most impactful on your organization. Today, the ubiquitous…

Incident Response November 8, 2021

A Journey in Organizational Resilience: Supply Chain and Third Parties

4 min read - The next stop on our journey focuses on those that you rely on: supply chains and third parties.  Working with external partners can be difficult. But, there is a silver lining. Recent attacks have resulted in an industry wake-up call…

Incident Response October 25, 2021

A Journey in Organizational Resilience: Privacy

4 min read - Privacy concerns may not be the first issue that comes to mind when building an enterprise cyber resilience plan. However, you should expect them to gain prominence. For perspective, consider for a moment that the NIST Privacy Framework is a…

Incident Response October 11, 2021

A Journey in Organizational Resiliency: Governance

4 min read - From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example: NIST SP 800-34: The first step…

Endpoint October 4, 2021

A Journey in Organizational Resilience: Crisis Management

4 min read - So far in this organizational resilience journey, we have focused mainly on the planning phase, or, as some call it, ‘left of the boom’. For a moment, let’s look at a ‘right of the boom’ (post-incident) theme: crisis management (CM),…

Zero Trust September 24, 2021

Zero Trust: Remote Security For Now and the Future

3 min read - This summer, my to-do list was full of stories about cybersecurity issues related to hybrid work. I was hopeful that the path to the end of the pandemic was ahead of us. Many companies announced their plans for keeping fully…

Intelligence & Analytics September 24, 2021

How Privileged Access Management Fits Into a Layered Security Strategy

3 min read - In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session…

Intelligence & Analytics September 20, 2021

A Journey in Organizational Cyber Resilience Part 2: Business Continuity

4 min read - Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first…