Articles In Security

By Steve Gold, Posted in Security

Let’s start today’s blog with a hearty pat on the back and a big ol’ KUDOS! You get it! You can’t protect what you can’t see. You don’t need to write it on the chalkboard 100 times…unless you’re a huge Bart Simpson fan, then go ahead. Of course, we’re not done with gaining visibility into your environment as you’ll see in future posts. So sorry, not sorry. Now that you have your data inventory, it’s important to know who can access your dat... read more.

• June 06, 2023

By Steve Gold, Posted in Security

You can’t protect what you can’t see! You can’t protect what you can’t see! You can’t protect what you can’t see!  Anybody seeing a theme here? Establishing a process to inventory where your data lives (on-premises storage, mail platforms, endpoints, mobile devices, cloud storage, cloud infrastructure, blah, blah, blah) is the first step in building a data management framework. The second step is to establish labels for your data to understand what data you shoul... read more.

• June 01, 2023

By Steve Gold, Posted in Security

If you get the joke behind the title, you’re either as old as I am or spend hours on the Internet searching for 80’s commercials. Either way, good on ya! In 2006, Clive Humby, a British mathematician and data science entrepreneur, coined the phrase “Data is the new oil.” Humby meant that data, like oil, isn't useful in its raw state. It needs to be refined, processed, and turned into something useful; its value lies in its potential. Many others have come up with different interpret... read more.

• May 23, 2023

By Kevin Santarina, Posted in Security

If you haven’t read tech news in the last week or two, would you have thought twice about clicking on these links if they were embedded into an email? This past month, Google introduced eight new top-level domains that are publicly available for registration. Among them are two very commonly recognized file extensions, .zip and .mov. The .zip extension is one of those file extensions used to indicate to a user that they are about to receive a collection of files, PDFs, documents, installers, etc., a... read more.

• May 23, 2023

By Steve Gold, Posted in Security

If you’ve ever challenged a rule your parents set, you’ve probably heard the phrase, “As long as you live in my house, you’ll live by my rules”. Sometimes, if you’re lucky, it’s followed up with, “You can do whatever you want when you have your own home”. So, what do these painful childhood memories have to do with security? I’m so glad you asked! Your parents established certain rules/processes to ensure that the home, and everyone in it, is prot... read more.

• May 16, 2023

By Steve Gold, Posted in Security

Hopefully by now you’re seeing a trend. You need full visibility into your environment and you also need both the visibility and capability to remove any unauthorized assets or software. I know this may seem kind of basic, but remember, we are only at Control 2. Wait till we get to Control 17 and start discussing Incident Response. But let’s not get ahead of ourselves just yet. After all, we are working with a prescriptive, prioritized, and simplified set of best practices. In the previous blog... read more.

• May 09, 2023

By Steve Gold, Posted in Security

Okay, so it’s not Christmas time but my hair is getting grayer (whiter) and I’m feeling quite jolly talking about security. And because you’ve been so good reading this blog, you deserve a gift. The gift of reusability. Now, I’m not talking about that button down shirt you wore yesterday on your video calls hanging over your chair. I’m talking about using the same tool you use to inventory your assets to inventory your software. Most commercial tools that do one will also do t... read more.

• May 02, 2023

By Steve Gold, Posted in Security

Ok, so that’s not exactly what the sign typically says but you should have your own sign that says “No Approval. No Authorization. No Access!” No one wants uninvited guests in their home/party just like no wants unauthorized, unapproved assets on their network. You need the visibility to know who/what is on your network and the ability to remove them if they’re not authorized. Those unauthorized assets can unknowingly expand your blast radius and increase your attack surface. Wheth... read more.

• April 25, 2023

By Steve Gold, Posted in Security

Don’t know what a blast radius is, well let’s turn to our friend Wikipedia: “The distance from the source that will be affected when an explosion occurs. A blast radius is often associated with bombs, mines, explosive projectiles (propelled grenades), and other weapons with an explosive charge.” From a security perspective, blast radius is used “to designate the impact that a security breach of one single component has on the overall environment. Reducing the blast radius of a... read more.

• April 18, 2023

By Steve Gold, Posted in Security

“There can be only one” If you’re a fan of the movie Highlander like I am, you remember that line. Now, we’re not talking about immortals killing each other until only one remains. We’re talking about security and how to get started. Although, if you post comments on that, perhaps I can start another blog, but I digress. CIS agreed with Connor MacLeod of the Clan MacLeod and felt that there can (should) be only one task for people to start their cybersecurity journey and crea... read more.

• April 11, 2023