Articles In Security

By Bert Amodol, Posted in Security

In today's interconnected digital landscape, where cyber threats loom large, ensuring robust cybersecurity measures is crucial for individuals, businesses, and organizations alike. The complexity and evolving nature of cyber threats necessitates proactive approaches to identify vulnerabilities, assess response capabilities, and enhance incident management. Among the arsenal of cybersecurity tools, tabletop exercises have emerged as a powerful method for preparing and fortifying defenses. Understanding Tabl... read more.

  • June 30, 2023

By Steve Gold, Posted in Security

This blog just leveled up. My good friend and colleague Bryon Singh, Director of Security Operations at Railworks Corporation has agreed to collaborate on this blog to bring not only the WHY but also the WHAT & HOW to becoming more secure. Hope you enjoy! Steve’s Thoughts When it comes to protecting sensitive data, encryption is the secret handshake of the cybersecurity world. It's like the clandestine cult language that ensures your information remains secure and impervious to prying eyes. For... read more.

  • June 28, 2023

By Steve Gold, Posted in Security

Hopefully, you get the reference above from the SNL skit. I thought about manipulating Billy Joel’s amazing song ”Say Goodbye to Hollywood” but decided to go simpler. OK, let’s get into it. In today's data-driven world, organizations collect and store vast amounts of sensitive information. However, with the growing number of cyber threats and regulatory requirements, securely disposing of data is just as crucial as protecting it. As part of an enterprise's comprehensive data managem... read more.

  • June 21, 2023

By Steve Gold, Posted in Security

To Retain Or Not To Retain? That Is The question. Memorial Day has passed and summer is here. I don’t know about you but each summer I go through my closet in an attempt to de-clutter. As I stand in my closet looking at clothing that doesn’t fit anymore to donate, or ripped/stained/damaged clothing to discard, all I can think about is Data Retention. I know, right! Wouldn’t it be great if you could simply look at your data like you look at your clothing and know whether it should be kept... read more.

  • June 14, 2023

By Steve Gold, Posted in Security

Let’s start today’s blog with a hearty pat on the back and a big ol’ KUDOS! You get it! You can’t protect what you can’t see. You don’t need to write it on the chalkboard 100 times…unless you’re a huge Bart Simpson fan, then go ahead. Of course, we’re not done with gaining visibility into your environment as you’ll see in future posts. So sorry, not sorry. Now that you have your data inventory, it’s important to know who can access your dat... read more.

  • June 06, 2023

By Steve Gold, Posted in Security

You can’t protect what you can’t see! You can’t protect what you can’t see! You can’t protect what you can’t see!  Anybody seeing a theme here? Establishing a process to inventory where your data lives (on-premises storage, mail platforms, endpoints, mobile devices, cloud storage, cloud infrastructure, blah, blah, blah) is the first step in building a data management framework. The second step is to establish labels for your data to understand what data you shoul... read more.

  • June 01, 2023

By Steve Gold, Posted in Security

If you get the joke behind the title, you’re either as old as I am or spend hours on the Internet searching for 80’s commercials. Either way, good on ya! In 2006, Clive Humby, a British mathematician and data science entrepreneur, coined the phrase “Data is the new oil.” Humby meant that data, like oil, isn't useful in its raw state. It needs to be refined, processed, and turned into something useful; its value lies in its potential. Many others have come up with different interpret... read more.

  • May 23, 2023

By Kevin Santarina, Posted in Security

If you haven’t read tech news in the last week or two, would you have thought twice about clicking on these links if they were embedded into an email? This past month, Google introduced eight new top-level domains that are publicly available for registration. Among them are two very commonly recognized file extensions, .zip and .mov. The .zip extension is one of those file extensions used to indicate to a user that they are about to receive a collection of files, PDFs, documents, installers, etc., a... read more.

  • May 23, 2023

By Steve Gold, Posted in Security

If you’ve ever challenged a rule your parents set, you’ve probably heard the phrase, “As long as you live in my house, you’ll live by my rules”. Sometimes, if you’re lucky, it’s followed up with, “You can do whatever you want when you have your own home”. So, what do these painful childhood memories have to do with security? I’m so glad you asked! Your parents established certain rules/processes to ensure that the home, and everyone in it, is prot... read more.

  • May 16, 2023

By Steve Gold, Posted in Security

Hopefully by now you’re seeing a trend. You need full visibility into your environment and you also need both the visibility and capability to remove any unauthorized assets or software. I know this may seem kind of basic, but remember, we are only at Control 2. Wait till we get to Control 17 and start discussing Incident Response. But let’s not get ahead of ourselves just yet. After all, we are working with a prescriptive, prioritized, and simplified set of best practices. In the previous blog... read more.

  • May 09, 2023