Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.


Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.


Are You Exposed?

Need help evaluating your security risks?
We are here to help.


CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.


THE BLOG

  • Jun 15, 2021
    Going Back to Basics

    Attacks today seem to follow the same playbook: crack the perimeter, exploit bad internal fundamentals, deploy ransomware, profit. The playbook is the same each time because it continues to work. How do you stay ahead of it?

    Organizational response to external breaches is mostly reactive. Wait until a breach makes the news cycle, then dig into intel feeds hoping for a meaty bundle of IOCs to explore. Later, speculate for a few days over how sophisticated the attack was, only to find out that the root cause of the breach was phishing, a missed patch, or a bad password. Finally, internally search out and apply the specific patch or block the phishing email subject line, and wait until the cycle repeats. These steps are indeed important, but each time the prevention bulletins come out, they seem to be based more on good security practices than on any other element.

    What are good security practices? Good (tested) backups, two-factor authentication, patching, logging, monitoring, etc. Basically, all the areas covered in a solid cybersecurity plan. Unfortunately, the basics are not always easy, and they are certainly not the coolest technology everyone wants to play with. Instead of diligent patching, configuration management, and a solid monitoring program, many organizations rely on expensive EDR. Instead of good coding practices, organizations deploy application firewalls. Security has always been about layers, and as attacks have continued to become more complex, layers are what is needed. However, these layers must be built on the implementation of good foundational security practices.

    Organizational focus on cleaning things up and getting the basics right will stop many attacks up front. Assessing your current gaps and setting a plan for filling them in will also pay dividends. If you are looking for a framework to follow, the NIST CSF is something that most organizations can easily align to. Start small, be realistic, and keep re-assessing as you work towards a goal. Risks will shift, threats will shift, but if you have a good foundation, adjusting to meet them will not be difficult.



  • May 16, 2021
    Cybersecurity Plan Must Haves

    We work with organizations large and small. Something they all have in common? A need to protect themselves against cyber threats. Budgets and security layers come in all shapes and sizes, but no matter what, there are two items needed at the base of any robust cybersecurity program: 1) Security Awareness and Education, and 2) IT Security Policies and Standards. We will go into detail in later posts, but here are some high-level thoughts on these areas of focus.

    Security Awareness and Education. Like it or not, attackers will continue to use email, social engineering, and phishing campaigns to target users. Ensuring your workforce is educated regularly on cybersecurity issues is a cornerstone of combating these threats, not to mention that it is also a standard regulatory requirement. Additional education on regulatory requirements, password management, data protection and other key security components will help to teach all users that cybersecurity is the responsibility of everyone in the organization. When your employees know better, they will do better. Understanding the fundamentals of staying safe online and protecting organizational data will bolster your cybersecurity program on day one. And remember, education comes in many forms: emails, videos, meetings, formal trainings, etc. Make it part of the culture and it will pay off.

    Policies and Standards. This is a huge topic: the more policies and standards we write, the more pop up that need to be written. Security policies will help you to outline the beliefs of the organization. What are the tenets that are put in place that the organization will live by? How will data be protected? Will data be encrypted at rest, in storage? Will multi-factor authentication be required? How will data on mobile devices be protected? Will security training be required? If so, how often? On a tight budget, you can skim the Internet (safe sites, of course) for sample policies and use internal resources to customize them to your environment. On a looser budget, you can hire someone to work solely on creating and ratifying this documentation, or outsource its creation. No matter how you go about it, we would urge you to get them in place to lay out the framework for your organization's approach to cybersecurity. From there, get the details documented within your standards so the organization is clear on the methods you are using to secure your environment.

Popular Offerings

IT Security Healthcheck

    We provide a multi-leveled, custom IT Security Healthcheck of your technology environment, leveraging a proprietary stack of tactical and operational checkpoints to deliver an analysis of the environment, within your needs and budget, that identifies gaps and risks and provides actionable remediation steps with tiered goals.

NARC® Deception Technology

    Our patented NARC® technology identifies internal compromise or malicious insiders. By creating virtual targets and enticing malicious users to them through open services and potentially valuable data, organizations can root out illegitimate traffic and users quickly and without false positives.

PROTECT YOUR BUSINESS.
MITIGATE YOUR RISKS.

Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data, this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.