Connecticut Information Security
is a full-service cyber security firm

We specialize in mitigating security risks, protecting networks, aligning organizations with security standards, and educating workforce members on security-related topics and tools.


Top Issues from Top Experts

Get in touch with today's top security topics from
the experts in the field.


Are You Exposed?

Need help evaluating your security risks?
We are here to help.


CTInfoSec has extensive experience
performing security assessments

We work in a variety of industries, including insurance, financial services, mobile applications, healthcare, online services, manufacturing, utilities, real estate, business services and more.


THE BLOG

  • Nov 21, 2022
    Closing out the Year

    Here in the Northeast, the seasons are changing. The leaves have fallen, and the mornings are crisp, which means it’s that time of year when CISOs must focus on the cycles of the business: budgeting, regulatory audits, risk mitigation, year-end reviews. It is the time to take stock of the good, the bad and the ugly of the past 12 months and set the stage for a productive and secure year ahead. We know you have a lot to consider, but here are 3 items we hope you have on your list of to-dos:

    1. Completing Regulatory Requirements. Did you complete your audits for the year (PCI, NIST, ISO, HIPAA)? If not, get on that before the year is done! If so, great job. Now set the stage for any remediation that might be needed in the coming year. If a penetration test is needed, is it done? If not, schedule one ASAP.

    2. Evaluating Your External Network. Do you know your external network risk? Maybe the year got away from you and the testing you meant to complete was never done. If nothing else, make sure you have evaluated your organization’s external network and public footprint. Even if no major changes were put in place this year, the external network should always be evaluated, scanned and penetration tested annually. If mitigations are needed, make plans to put them into place soon.

    3. Assessing Your Security Staff. Have you assessed your team's capabilities and gaps this year? Maybe you are lacking in threat intelligence personnel, or the security compliance position has been vacant for some time and you are just making do. Maybe you need a security team to help fill in with technical validation and internal penetration testing (like us). Whatever the need, now is the perfect time to set the stage for the upcoming year. Move team members around if needed, but make sure the major areas of risk and responsibility are covered by your team, either internally or with a vendor's help.

    As the year closes out and you set the stage for a safe and effective year ahead, let us know if we can help!

  • Nov 03, 2022
    OpenSSL In the News

    Everywhere you look the past few days, you read about OpenSSL. Recent news reported two vulnerabilities (CVE-2022-3602 and CVE-2022-3786) listed as 'critical' and initially comparable to the Heartbleed vulnerability. Since the initial reporting, these CVEs have been downgraded to 'high', so they no longer have 'Heartbleed' status, but they are nonetheless still important.

    There are lots of articles out there right now regarding these and other OpenSSL vulnerabilities, the associated risks, and how to patch, so we won't go deep into that here. From our perspective, here are the top things you need to do to address this and other high-priority updates:

    1. Keep tabs on news sources. In this case, guidance was issued on October 25th warning IT administrators to check their asset inventory and prepare to patch when the update was available.

    2. Know your inventory. Are you at risk? Do you have OpenSSL in your environment? If you don't know, you cannot address the critical issues as they arise. Know where the software - in this case OpenSSL - is deployed in your environment so that you can ensure it is properly secured.

    3. Patch. Once you understand the issue, you have your inventory, and the patch is out, it is time to patch and/or upgrade. The updated version of OpenSSL was released on November 1st, so it is time to patch right now. What is your plan?

    4. Scan Regularly. Not every vulnerability will be highly publicized, so make sure you (or a third party) are performing vulnerability scans regularly so that you are not caught off guard when an important vulnerability arises. Keep especially close tabs on your external environment and critical assets.

Popular Offerings

IT Security Healthcheck

    We provide a multi-leveled, custom IT Security Healthcheck of your technology environment, leveraging a proprietary stack of tactical and operational checkpoints to deliver an analysis of the environment – within your needs and budget – that identifies gaps and risks and provides actionable remediation steps with tiered goals.

NARC® Deception Technology

    Our patented NARC® technology identifies internal compromise or malicious insiders. By creating virtual targets and enticing malicious users to them through open services and potentially valuable data, organizations can root out illegitimate traffic and users quickly and without false positives.

PROTECT YOUR BUSINESS.
MITIGATE YOUR RISKS.

Dealing with security attacks has become a fact of doing business online. With the introduction of regulations to protect data,
this has become a critical area for businesses today.

Know your risks. Protect your data. Become compliant.