Articles In Security

By Steve Gold, Posted in Security

Okay, so it’s not Christmas time but my hair is getting grayer (whiter) and I’m feeling quite jolly talking about security. And because you’ve been so good reading this blog, you deserve a gift. The gift of reusability. Now, I’m not talking about that button down shirt you wore yesterday on your video calls hanging over your chair. I’m talking about using the same tool you use to inventory your assets to inventory your software. Most commercial tools that do one will also do t... read more.

  • May 02, 2023

By Steve Gold, Posted in Security

Ok, so that’s not exactly what the sign typically says but you should have your own sign that says “No Approval. No Authorization. No Access!” No one wants uninvited guests in their home/party just like no one wants unauthorized, unapproved assets on their network. You need the visibility to know who/what is on your network and the ability to remove them if they’re not authorized. Those unauthorized assets can unknowingly expand your blast radius and increase your attack surface. Wheth... read more.

  • April 25, 2023

By Steve Gold, Posted in Security

Don’t know what a blast radius is? Well, let’s turn to our friend Wikipedia: “The distance from the source that will be affected when an explosion occurs. A blast radius is often associated with bombs, mines, explosive projectiles (propelled grenades), and other weapons with an explosive charge.” From a security perspective, blast radius is used “to designate the impact that a security breach of one single component has on the overall environment. Reducing the blast radius of a... read more.

  • April 18, 2023

By Steve Gold, Posted in Security

“There can be only one” If you’re a fan of the movie Highlander like I am, you remember that line. Now, we’re not talking about immortals killing each other until only one remains. We’re talking about security and how to get started. Although, if you post comments on that, perhaps I can start another blog, but I digress. CIS agreed with Connor MacLeod of the Clan MacLeod and felt that there can (should) be only one task for people to start their cybersecurity journey and crea... read more.

  • April 11, 2023

By Steve Gold, Posted in Security

Security: the final frontier. These are the safeguards of the CIS Critical Security Controls. Its ongoing mission: To protect organizations, To seek out security gaps and misconfigured systems, To boldly go where few security professionals have gone before. Hi, I’m Steve Gold. Cybersecurity Practice Director for Gotham Technology Group and a little bit of a closet Trekkie. I’ve spent my career working for organizations that truly help people. From Wyse Technology, which minimize... read more.

  • April 04, 2023

By Timothy Karl, Posted in Infrastructure, Security, Support, Virtualization

Citrix recently released the first new LTSR version of Citrix Virtual Apps and Desktops in over two years. Here is what I feel are the top 5 new features and enhancements available in 2203: #1 - Microsoft Teams Optimizations Citrix has added a lot of functionality to Microsoft Teams optimizations over the last two years that were until now only available in current releases. These new functionalities in the latest LTSR release include: App sharing Multimonitor screen sharing DTMF support Proxy server... read more.

  • April 15, 2022

By Nancy Rand, Posted in Security

The PCI Council published a blog announcing the coming of PCI DSS version 4.0 at the end of March 2022 https://blog.pcisecuritystandards.org/countdown-to-pci-dss-v4.0. The blog contains a PCI DSS Version 4.0 Implementation timeline. The new standard document, the Summary of Changes v3.2.1 to 4.0 will be released along with the Report on Compliance ROC Template and Attestations of Compliance AOC documents at the end of March 2022. The Self-Assessment Questionnaires SAQs will be available shortly after. Tr... read more.

  • March 17, 2022

By Nancy Rand, Posted in Security

In November, Troy Leach, Senior Vice President, Engagement Officer for the PCI Security Standards Council (PCI SSC), and Suzie Squier, President of the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), discussed the protection of payment data during this holiday season. https://blog.pcisecuritystandards.org/be-on-alert-this-holiday-season In October, the PCI SSC blog focused on their Work from Home Security Awareness Training, which is available from the council.... read more.

  • November 29, 2021

By Gotham, Posted in Security

This is a guest blog from Proofpoint, a leading cybersecurity company that protects organizations' greatest assets and biggest risks: their people. Today’s organizations face a variety of challenges and security risks, ranging from ransomware to phishing campaigns. For this reason, many organizations invest significant time and resources to detect and prevent external threats. But one area that is often overlooked is the insider threat. There are three primary types of insider threats: Malicious:... read more.

  • September 20, 2021
