People often ask for advice regarding information security or cybersecurity policies. For the remainder of this article, I will use cybersecurity and information security interchangeably. It is nearly always a loaded question: exactly what do they mean by policy? Cybersecurity documentation for organizations comes in many levels and is influenced by a number of internal and external sources. Within an organization, there may be four levels of cybersecurity documentation.
Here is a sample high-level cybersecurity policy for a city, district, or county. It is designed to be a high-level statement adopted by a city council, supervisors, or board of directors, leaving detailed policies and procedures at a lower level. The reason is that detailed policies and procedures may need to change regularly, and there is no reason to continually go back to the council or board for detail changes. It is appropriate for department heads to accept the risks to their oper
According to the Verizon 2018 Data Breach Report, 93% of data breaches are linked to phishing or social engineering. With stats like that, you would think cybersecurity awareness would be a top priority for organizations. However, there have been some cybersecurity professionals who claim that awareness is not effective and won’t change individual behavior. I disagree with their pessimism; human behavior can be changed. In fact, advertisers pay millions of dollars for a su
Microsoft has released Compliance Manager for general availability this week. The feature was made available in Public Preview in November 2017 (see MC125028). According to Microsoft, “Compliance Manager is a cross-Microsoft-cloud services feature designed to help organizations meet complex compliance obligations, including GDPR, ISO 27001, ISO 27018, NIST 800-53, and HIPAA.” To access the feature, you can log in to the Service Trust Portal at https://servicetrust.microsof
"That's not the way things work in government." This is the catch-all excuse for not doing what needs to be done in the government. The Federal Government has had issues with cybersecurity for years. Recent news indicates that the outlook for the Federal Government is not improving. Having worked for the Federal Government and other government agencies, I think they are their own worst enemies. The bureaucracy created to secure systems has replaced the intent and purpose
The Ransomware Threat: New Tactics and How to Fight Back
The rise of ransomware has become one of the most widespread and financially damaging threats facing businesses today. But there are steps you can take to reduce the risk of ransomware and protect your business. Watch this webinar with experts Eric Hulse and Josh Reynolds of Cisco Research and Efficacy Team (RET) as they discuss the ransomware threat and how to fight back.
View On-Demand! The Rising Tide of Spam
Cyber attacks are on the rise, affecting companies, government agencies and millions of people. Headlines are filled with stories about companies being hacked for customer information, government agencies' secured information being leaked, and identity theft. People are losing trust that data can be secured. Even though companies and government may spend millions of dollars on security hardware and software, this is not enough to prevent these losses. There are many facto
Small businesses are wide open for hacking. What can small businesses do if large companies with dedicated security staff can’t stop data breaches? What small and medium businesses need to know about cyber security. The risks related to social media, hackers, Identity Theft, Data Breaches, Espionage...
This video is from a session for a chamber of commerce talk at Coastline Community College. #Cybersecurity #PCI #Compliance #SocialMedia #DataBreach #Espionage #RiskManagem
"Microsoft Azure Security Center helps organizations prevent, detect, and respond to threats by providing increased visibility into the security of cloud workloads and advanced analytics to identify attacks that might otherwise go undetected. Gain insights into how cloud workload owners, IT security professionals, and security operations centers are using Azure Security Center to meet their security management and monitoring needs. We walk through real-world examples, share l
All organizations that process payment cards (Visa, MasterCard, AMEX, etc.) have to comply with the Payment Card Industry Data Security Standard (PCI DSS). All organizations will eventually have to provide evidence of compliance to their acquiring bank through self-assessment questionnaires, network vulnerability scans, and/or audits.
Any organization that processes, stores or transmits credit card information must comply with the Data Security Standard. This includes organ