Blog

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/13 Gotham COVID-19 Update https://bit.ly/2RxqP02 NIST SP 800-53 Revision 5 Public Draft Available for Review and Comment NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. https://bit.ly/3c9lFzm Cloud Security for Rapidly Increasing Remote Work (Fortinet) Many corporate resources, especially at the core network, were not designed for this sudden load of connections and traff... read more.

• April 17, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Gotham, Posted in Infrastructure, Security, Staffing, Support

Gotham Community, It’s been three weeks since New York State issued lockdown orders and four weeks since we enacted our work from home protocol in response to the COVID-19 pandemic. I hope this note finds you all sheltering in place and that you and your families are safe. What follows is a brief update on our current capabilities and procedures. We are serving all of our clients remotely and are pleased to report no impact on our ability to fulfill client requirements and meet our service level ag... read more.

• April 13, 2020

By Nancy Rand, Posted in Security

NIST has released SP 800-53 Revision 5 Public draft for review and comment. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft NIST is separating the controls catalog from the control baselines-SP800-53 Controls catalog, which will be online, and SP800-53B “bravo” Controls Baselines. The following are available at https://go.usa.gov/xdevj Draft SP 800-53 Revision 5 Summary of Changes from Revision 4 Comment Template Open Security Control Assessment Language (XML, JSON, YAML)... read more.

• April 10, 2020

By Nancy Rand, Posted in Security

Today’s privacy laws and regulations require privacy by design and by default for systems, networks, and applications. ISACA is creating a Privacy Certification. The certification targets IT professionals that implement defenses. It is intended to assess an individual’s ability to design and implement privacy by design. The work is for cross-functional design work and expected to bridge legal and technical functions. These individuals will work with operations, systems, security, application an... read more.

• April 10, 2020

By Michael Hawkins, Posted in Security

Recent events have compelled companies to support staff members working from home. Some aspects of working from home have similarities to mobile remote staff. But there are distinct differences that need to be taken into account due to the elevated risks that working from home networks present. The risks are human and technological in nature. Let’s review some of each. SECURING THE HOME NETWORK Severe vulnerabilities exist in low-cost consumer routers. Therefore, it is necessary to examine the make... read more.

• April 10, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 4/6 Wait One Damn Moment, Please Systems implementations are a delicate balancing act, requiring immense time and planning. So throwing in a new app during a routine deployment without doing your due diligence may make things much more difficult in the long run. https://bit.ly/3aOOS29 A practical approach for managing risk (Citrix) Considering the impact that a cyber-security event can have, companies need to have in place a proper risk management framework that aligns with changing business pri... read more.

• April 10, 2020

By Ed Bratter, Posted in Infrastructure

Just wait one damn moment, please. I wonder how many of my fellow IT professionals have experienced some variation of this: You walk into the office on a sunny morning thinking about the tasks you need to do for the day. Before you get to your desk, you run into your manager, who says she needs you to attend a meeting in the conference room in 30 minutes. You grab a cup of coffee, do a couple of quick things, and stroll down the hall wondering what this could be about. You walk into the conference room, wh... read more.

• April 03, 2020

By Eric Corcoran, Posted in Technology Week in Review

Monday 3/30 Cloud, COVID-19, and the Elusive Measure of Agility via F5 If you need help supporting remote work—not every app is SaaS or in a cloud, after all—we're here to help. We have technology and support options to help with availability, remote access, and security. You can also find free resources from our NGINX arm to help you out. https://bit.ly/2QX34OL TrickBot App Bypasses Non-SMS Banking 2FA Though it’s not the first of its kind, this Android malware app is more sophistica... read more.

• April 03, 2020

By Ed Bratter, Posted in Infrastructure

Arguably one of the more tedious tasks when building Exchange servers is configuring the disks and volumes. Even in smaller environments, where there may be only two or three databases, the actual number of volumes gets multiplied by the number of copies in the DAG. Consider an Exchange organization that has three databases with three copies of each database. From a configuration perspective that’s nine volumes that need to be configured. Disk Manager does not provide an efficient way to do this. Ther... read more.

• April 02, 2020