You are viewing 'security controls'

Cloud Security: What to Expect

How to prepare for security in the cloud

David Biser

February 23, 2016 - Posted by David Biser to Security Insight


In my recent blog post, we introduced the topic of cloud security and described tips for understanding a cloud environment. For this blog, I want to explain how a company can incorporate security into the cloud.

As more and more companies adopt the cloud service model and migrate their critical data to the cloud, security must rise to the forefront. If you neglect security in the beginning phases of adopting the cloud, then you are setting yourself up for failure.

Enhance control layers for cloud security

First, let us describe some control layers that you...

Mapping the Critical Security Controls to the Cyber Kill Chain

Rob Kraus

October 22, 2015 - Posted by Rob Kraus to Security Insight


Last month, I had the pleasure of presenting an ISMG webinar with Jeremy Scott on the benefits of mapping the Center for Internet Security Critical Security Controls (formerly known as the SANS 20 Critical Security Controls) with the Cyber Kill Chain® (as defined by Lockheed Martin), abbreviated as kill chain.

The webinar is based on the “Defense Strategies for Advanced Threats – Mapping the SANS 20 Critical Security Controls to the Cyber Kill Chain” white paper published by Solutionary.

As we continuously look at ways to better approach security challenges,...

Healthcare Security Checklist

Has your organization had a checkup lately?

Michelle Johnston

September 17, 2015 - Posted by Michelle Johnston to Security Insight


Wellness programs promote the idea of regular checkups and preventive healthcare solutions for our physical wellbeing, so it seems to make sense for healthcare organizations to regularly perform security “wellness” checkups to ensure the safety of the healthcare information they are responsible for. A motivating factor for healthcare organizations to perform security checkups is the five significant healthcare data breaches that have occurred so far in 2015. The total number of individuals impacted by these attacks has totaled 99.3 million and represents almost 70 percent of the 143.3 million individuals impacted by healthcare attacks since 2009.

Healthcare organizations need to be proactive and prepared to defend themselves against all types of attacks on healthcare information.

Healthcare Security Checklist

One way to be proactive and prepared is to perform periodic evaluations of security...

Incident Response Impediments

Recent SANS survey reveals major impediments to Incident Response efforts

David Biser

September 15, 2015 - Posted by David Biser to Security Insight


A recent white paper, “The Race to Detection: A Look at Rapidly Changing IR Practices” published by the SANS Institute and authored by Alissa Torres, sheds some reasonable light on the current state of incident response (IR) practices. The white paper surveyed a wide variety of incident response professionals for recommendations and experiences. All of the concerns from the various IR professionals resonated with what I have seen in my experience as an incident responder.

The report states that the threat landscape is rapidly changing, with many respondents to the survey reporting that cyber attackers are increasing in their sophistication and efficiency. In fact, many of the criminal organizations involved in cybercrime are adopting the same techniques and tools...

Lobby Security and Beyond – Week 7 of 7

Developing Policy, Training Employees and Ensuring Compliance

Brad Curtis

April 30, 2015 - Posted by Brad Curtis to Security Insight

Last week’s post, Lobby Security and Beyond – Week 6 of 7: Utilizing Signage Effectively, offered guidance on how to use signage as a communication tool. This final blog in the seven-week Lobby Security blog series covers the importance of defining and publishing policies, providing training to employees and ensuring compliance.


It is very important to develop policies regarding the physical security measures you implement. These policies will help to define your security standards, and ultimately integrate with your overall security plan. Once you define your policies, be sure to get executive sponsorship for those policies, and then publish and communicate the policies to the organization.

Two items not...


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
