Articles In Security

By Ken Phelan, Posted in Security

In response to a growing number of serious cyber threats and incidents, President Biden has issued an Executive Order (EO) regarding improving the nation’s cybersecurity. I don’t personally read a lot of EOs, but I read this one, and if you’re part of the cyber industry, you probably should too. Given that you probably won’t, I’ll do some summarizing for you. There’s stuff about cooperation and standards, but I’d like to draw your attention to the EO’s requir... read more.

• May 24, 2021

By Nancy Rand, Posted in Infrastructure, Security

The Cloud Security Alliance released two new research documents to provide guidance on Cloud Incident Response and Consuming and Providing APIs. https://cloudsecurityalliance.org/artifacts/cloud-incident-response-framework/?utm_source=email https://cloudsecurityalliance.org/artifacts/security-guidelines-for-providing-and-consuming-apis/?utm_source=email Cloud Incident Response provides a framework for handling the lifecycle of a security incident in the cloud and discusses what information is shared inte... read more.

• May 18, 2021

By Nancy Rand, Posted in Security

The PCI Security Standards Council, PCI SSC, published a new version of the Secure Software Standard and its supporting program documentation on 4/29/2021. https://www.pcisecuritystandards.org/about_us/press_releases/pr_04292021 This version includes a new Terminal Software Module that contains requirements for software used on PCI-approved PIN Transaction Security (PTS) Point-of-Interaction (POI) devices. There are currently two other modules in this Standard: The “Core” module that contai... read more.

• May 18, 2021

By Monica Jimenez, Posted in Infrastructure, Security

The combinations of authentication apps and thin clients are endless nowadays. With the many different types of technologies out there though, not every combination has been documented. At a recent customer engagement, there was a combination of products that isn’t very common, at least not yet, being implemented in an IGEL environment.  Customer Environment: IGEL devices on firmware 11.04.250.01 using the built-in default Citrix Workspace client are deployed within an environment configured fo... read more.

• March 02, 2021

By Nancy Rand, Posted in Security

The Cloud Security Alliance released their latest version of the Cloud Control Matrix (CCM) on 1/20/21. It is available from their website after answering a few questions. The mappings to Scope Applicability, Architectural Relevance, Corporate Governance Relevance, Cloud Service Delivery Model Applicability, Supplier Relationship, are not yet available, but the CSA has released the matrix to assist organizations to prepare to upgrade to version 4. https://cloudsecurityalliance.org/research/cloud-controls-m... read more.

• January 22, 2021

By Nancy Rand, Posted in Security

When preparing to securely work from anywhere, it is tantamount that a zero trust policy be adopted. Locations and assets are not to be inherently trusted. A system of policies and software are needed to protect from malicious intent.  In August 2020, NIST published SP 800-207, the final version of their Zero Trust Architecture. It is available for download from: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf The tenets of zero trust are presented in section 2.1. They are... read more.

• October 05, 2020

By Nancy Rand, Posted in Security

NIST and the PCI DSS Council have both published software development frameworks. PCI DSS published a blog today highlighting an interview between Kevin Stine, Chief of the Applied Cybersecurity Division at NIST and Troy Leach, SVP, Engagement Officer at PCI SSC.  This blog discusses the importance of secure software development and contains links to additional information. https://blog.pcisecuritystandards.org/nist-and-pci-ssc-find-common-ground-in-development-of-software-frameworks Additionally, Th... read more.

• September 11, 2020

By Nancy Rand, Posted in Security

NIST published links to GDPR and ISO crosswalks to the NIST Privacy Framework. These are published by Microsoft (for ISO/IEC 27701) and the Enterprivacy Consulting Group (for the GDPR-Regulation 2016/679). https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/gdpr-crosswalk-enterprivacy-consulting-group https://www.nist.gov/privacy-framework/resource-repository/browse/crosswalks/isoiec-27701-crosswalk-microsoft Each spreadsheet provides a mapping between the framework and the GDPR... read more.

• July 23, 2020

By Bert Amodol, Posted in Security

For the last several years, the news of companies being breached has grown exponentially. These breaches may have been ransomware incidents, data exfiltration, or account compromises. They seem to be multiplying daily and are not limited to a particular industry or company size. You have probably asked yourself what you would do if it happened to your company. The time to think about what to do is before it happens. Being prepared to deal with a breach goes a long way towards a quick recovery and returning... read more.

• July 21, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020