Risk Management April 25, 2023

Reach out to peers and vendors to build your security

4 min read - Cyberattacks don’t happen in a vacuum. While your organization may be specifically targeted by cybercriminals, the style of attack they are using isn’t unique to you. It’s one they will use over and over, especially if it is successful, and…

Security Services September 1, 2022

What Should Customers Ask Managed Service Providers?

4 min read - Managed service providers (MSPs), sometimes called managed security services (MSS) or MSSP, play a very important role in protecting data and other digital assets and will continue to do so. Some of the benefits include, but are not limited to:…

Incident Response December 13, 2021

A Journey in Organizational Resilience: Geopolitical and Socio-Economic Trends and Threats

3 min read - The last stop on our organizational resilience journey touches one of the issues organizations have the least control over: geopolitical and socio-economic trends and threats. However, they can be some of the most impactful on your organization. Today, the ubiquitous…

Incident Response November 15, 2021

A Journey in Organizational Resilience: The Data Life Cycle

3 min read - With so many efforts focused on restoring systems, applications and workloads, it is easy to miss an important piece: the data that makes business processes possible. A fully restored system is as good as offline if you don’t have the…

Incident Response October 25, 2021

A Journey in Organizational Resilience: Privacy

4 min read - Privacy concerns may not be the first issue that comes to mind when building an enterprise cyber resilience plan. However, you should expect them to gain prominence. For perspective, consider for a moment that the NIST Privacy Framework is a…

Incident Response October 18, 2021

A Journey in Organizational Resilience: Training and Testing

4 min read - We are far from a breach-free world. After all, even cybercriminals have shown their own form of resilience. For example, after a short hiatus, the ransomware group REvil came back in September 2021. Until the day we can leave our…

Incident Response October 11, 2021

A Journey in Organizational Resiliency: Governance

4 min read - From governance comes everything else. It would be reasonable if this journey in organizational resilience started with the governance theme. In fact, many important standards or cybersecurity frameworks begin with policy development. For example: NIST SP 800-34: The first step…

Endpoint October 4, 2021

A Journey in Organizational Resilience: Crisis Management

4 min read - So far in this organizational resilience journey, we have focused mainly on the planning phase, or, as some call it, ‘left of the boom’. For a moment, let’s look at a ‘right of the boom’ (post-incident) theme: crisis management (CM),…

Incident Response September 27, 2021

A Journey in Organizational Cyber Resilience Part 3: Disaster Recovery

5 min read - Moving along our organizational resilience journey, we focus on disaster recovery (DR), the perfect follow-up to business continuity (BC) The two go hand-in-hand, often referenced as BCDR, and both are key to your cyber resilience planning. If you recall from…

Intelligence & Analytics September 24, 2021

How Privileged Access Management Fits Into a Layered Security Strategy

3 min read - In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session…