Blog

  • Mitigating Supply Chain Risks: The Importance of Vendor Security Assessments

    As a society, we have come to depend on vendors and managed service providers to assist in business functions ranging from trivial to critical. The services we rely on support internal functions and client services and ultimately help companies grow and operate. Therefore, the importance of the security surrounding each solution should not be understated. However, …

  • Breaking Down Silos: Enhancing Security Through Collaboration

    At CTInfoSec, we work with a diverse range of clients across various industries and sizes. Despite their differences, many face the same challenge: operating security in a silo. For security teams of all sizes, it is crucial to break out of these silos and regularly engage and collaborate with groups inside and outside the organization.…

  • Streamlining Cybersecurity Operations: The Power of Automation

    In today’s fast-paced digital world, can your cybersecurity processes keep up? Operational processes are essential in cybersecurity, helping achieve consistent, repeatable outcomes. However, balancing controls and efficiency remains a constant challenge for infosec professionals. Key Points to Consider: Automation can greatly expand a team’s capabilities by offloading tasks, freeing up resources, and delivering consistent results.…

  • Maximizing Value from Security Data

    As cybersecurity professionals, we regularly encounter outputs from tools, scores, reports, rankings, risks, and more. How can we effectively sift through this vast amount of data to create value beyond what automation delivers? Let’s explore a few approaches that may help.

    Understand the Context of Security Data

    There are no hard and fast rules for…

  • Creating a Cybersecurity Program from Scratch

    In today’s digital age, creating a robust cybersecurity program is essential for protecting your organization’s data and reputation. Developing a cybersecurity program from scratch can be a significant undertaking, but with careful planning and management, it can be done effectively. Here is one pathway to consider:

    Plan Your Approach

    Before getting too far into planning,…

  • AI Under Scrutiny: Evaluating and Mitigating Key Security Risks

    As Artificial Intelligence (AI) becomes increasingly integral to daily operations, ensuring its security is paramount. Testing the security of Large Language Models (LLMs) has evolved into a complex task, necessitating new tools and playbooks that are still under development. A common question we encounter is: What are the known risks to AI today, and how…

  • Beyond the Main Gate: Securing Overlooked Authentication Paths 

    The 1983 movie WarGames taught us that “Back doors are not secrets!” This remains true today, as many previously undocumented or secondary access methods are regularly uncovered and disclosed. These hidden access types can range from hard-coded credentials to authentication bypasses. While the issues often stem from exploits or poor coding practices, sometimes they are…

  • NIST CSF 2.0: Enhancing Governance and Risk Management in Cybersecurity

    NIST recently released an update to its Cybersecurity Framework (CSF), version 2.0. As advocates of the CSF, we recognize it as a flexible starting point for organizations across various industries to manage risk. While we often customize some categories or add additional focuses, CSF 2.0 addresses many of these needs with its updates. A significant…

  • 3 AI Security Risks to Consider

    The rush to integrate Artificial Intelligence (AI) into product lines and solutions has organizations seemingly leaping before they look. Without a doubt, the generative AI future looks bright, but as with any new technology, the security of the solutions must be taken into account to minimize risk to your organization. Let’s consider just a few…

  • Take Stock of Your Progress

    Another year is nearly closing out, so now is the time to start taking stock of your progress and planning for things to come. Whatever small hops or large leaps you made in your organization’s security this past year, write them down, quantify them where possible, and give yourself a pat on the back. Maybe…

  • SaaS Security – is your data safe?

    As organizations aim to become more efficient or just take advantage of the new products in the marketplace, Software-as-a-Service (SaaS) vendors are becoming more and more a part of the organizational ecosystem. We would love to tell you that every SaaS vendor puts best practice security controls in place and that they have all done…

  • HIPAA Compliance – Where do I start?

    Through working with many healthcare and health-related companies here at CTInfoSec, we often hear the questions, “I need to be HIPAA compliant; how do I make sure I am? Where do I start?” Understanding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rule and its components is critical if your organization is…
