Articles In Security

By Nancy Rand, Posted in Security

When preparing to securely work from anywhere, it is tantamount that a zero trust policy be adopted. Locations and assets are not to be inherently trusted. A system of policies and software are needed to protect from malicious intent.  In August 2020, NIST published SP 800-207, the final version of their Zero Trust Architecture. It is available for download from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf The tenets of zero trust are presented in section 2.1. They are... read more.

• October 05, 2020

By Nancy Rand, Posted in Security

NIST and the PCI DSS Council have both published software development frameworks. PCI DSS published a blog today highlighting an interview between Kevin Stine, Chief of the Applied Cybersecurity Division at NIST and Troy Leach, SVP, Engagement Officer at PCI SSC.  This blog discusses the importance of secure software development and contains links to additional information. https://blog.pcisecuritystandards.org/nist-and-pci-ssc-find-common-ground-in-development-of-software-frameworks Additionally, Th... read more.

• September 11, 2020

By Nancy Rand, Posted in Security

NIST published links to GDPR and ISO crosswalks to the NIST Privacy Framework. These are published by Microsoft (for ISO/IEC 27701) and the Enterprivacy Consulting Group (for the GDPR-Regulation 2016/679). https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/gdpr-crosswalk-enterprivacy-consulting-group https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/isoiec-27701-crosswalk-microsoft Each spreadsheet provides a mapping between the framework and the GDPR... read more.

• July 23, 2020

By Bert Amodol, Posted in Security

For the last several years, the news of companies being breached has grown exponentially. These breaches may have been ransomware incidents, data exfiltration, or account compromises. They seem to be multiplying daily and are not limited to a particular industry or company size. You have probably asked yourself what you would do if it happened to your company. The time to think about what to do is before it happens. Being prepared to deal with a breach goes a long way towards a quick recovery and returning... read more.

• July 21, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Nancy Rand, Posted in Security

NIST has released SP 800-53 Revision 5 Public draft for review and comment. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. The following are available at https://go.usa.gov/xdevj Draft SP 800-53 Revision 5 Summary of Changes from Revision 4 Comment Template Open Security Control Assessment Language (XML, JSON, YAML)... read more.

• April 10, 2020

By Nancy Rand, Posted in Security

Today’s privacy laws and regulations require privacy by design and by default for systems, networks, and applications. ISACA is creating a Privacy Certification. The certification targets IT professionals that implement defenses. It is intended to assess an individual’s ability to design and implement privacy by design. The work is for cross-functional design work and expected to bridge legal and technical functions. These individuals will work with operations, systems, security, application an... read more.

• April 10, 2020

By Michael Hawkins, Posted in Security

Recent events have compelled companies to support staff members working from home. Some aspects of working from home have similarities to mobile remote staff. But there are distinct differences that need to be taken into account due to the elevated risks that working from home networks present. The risks are human and technological in nature. Let’s review some of each. SECURING THE HOME NETWORK Severe vulnerabilities exist in low-cost consumer routers. Therefore, it is necessary to examine the make... read more.

• April 10, 2020

By Ken Phelan, Posted in Infrastructure, Security, Staffing, Support

In the early days of the COVID-19 crisis we saw many very large organizations quickly sending employees to work from home. At Gotham we weren’t surprised. We had helped many of these organizations set up the technologies behind this capability. It cost them nothing in productivity to send their employees home. If your organization found itself challenged in that effort, this article is for you. In the midst of this storm, it’s hard to guess what the “new normal” might look like on t... read more.

• April 02, 2020