Articles In Security

By Nancy Rand, Posted in Security

NIST and the PCI DSS Council have both published software development frameworks. PCI DSS published a blog today highlighting an interview between Kevin Stine, Chief of the Applied Cybersecurity Division at NIST, and Troy Leach, SVP, Engagement Officer at PCI SSC. This blog discusses the importance of secure software development and contains links to additional information. https://blog.pcisecuritystandards.org/nist-and-pci-ssc-find-common-ground-in-development-of-software-frameworks Additionally, Th... read more.

  • September 11, 2020

By Nancy Rand, Posted in Security

NIST published links to GDPR and ISO crosswalks to the NIST Privacy Framework. These are published by Microsoft (for ISO/IEC 27701) and the Enterprivacy Consulting Group (for the GDPR-Regulation 2016/679). https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/gdpr-crosswalk-enterprivacy-consulting-group https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/isoiec-27701-crosswalk-microsoft Each spreadsheet provides a mapping between the framework and the GDPR... read more.

  • July 23, 2020

By Bert Amodol, Posted in Security

For the last several years, the news of companies being breached has grown exponentially. These breaches may have been ransomware incidents, data exfiltration, or account compromises. They seem to be multiplying daily and are not limited to a particular industry or company size. You have probably asked yourself what you would do if it happened to your company. The time to think about what to do is before it happens. Being prepared to deal with a breach goes a long way towards a quick recovery and returning... read more.

  • July 21, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

  • April 13, 2020

By Nancy Rand, Posted in Security

NIST has released SP 800-53 Revision 5 Public draft for review and comment. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. The following are available at https://go.usa.gov/xdevj Draft SP 800-53 Revision 5 Summary of Changes from Revision 4 Comment Template Open Security Control Assessment Language (XML, JSON, YAML)... read more.

  • April 10, 2020

By Nancy Rand, Posted in Security

Today’s privacy laws and regulations require privacy by design and by default for systems, networks, and applications. ISACA is creating a Privacy Certification. The certification targets IT professionals that implement defenses. It is intended to assess an individual’s ability to design and implement privacy by design. The work is for cross-functional design work and expected to bridge legal and technical functions. These individuals will work with operations, systems, security, application an... read more.

  • April 10, 2020

By Michael Hawkins, Posted in Security

Recent events have compelled companies to support staff members working from home. Some aspects of working from home have similarities to mobile remote staff. But there are distinct differences that need to be taken into account due to the elevated risks that working from home networks present. The risks are human and technological in nature. Let’s review some of each. SECURING THE HOME NETWORK Severe vulnerabilities exist in low-cost consumer routers. Therefore, it is necessary to examine the make... read more.

  • April 10, 2020

By Ken Phelan, Posted in Infrastructure, Security, Staffing, Support

In the early days of the COVID-19 crisis we saw many very large organizations quickly sending employees to work from home. At Gotham we weren’t surprised. We had helped many of these organizations set up the technologies behind this capability. It cost them nothing in productivity to send their employees home. If your organization found itself challenged in that effort, this article is for you. In the midst of this storm, it’s hard to guess what the “new normal” might look like on t... read more.

  • April 02, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, As we work together through the unprecedented challenges presented by the global COVID-19 (coronavirus) pandemic, I wanted to send an update on Gotham’s processes and procedures during the situation. First and foremost, our thoughts go out to all of those who have been personally impacted by COVID-19 and the many people on the front lines in this crisis. We want to express our heartfelt gratitude to first responders, health care workers, truck drivers, and the myriad of other peopl... read more.

  • March 23, 2020