You are viewing 'security controls'
How to prepare for security in the cloud
In my recent blog post, we introduced the topic of cloud security and described tips for understanding a cloud environment. For this blog, I want to explain how a company can incorporate security into the cloud.
As more and more companies adopt the cloud service model and migrate their critical data to the cloud, security must rise to the forefront. If you neglect security in the beginning phases of adopting the cloud, then you are setting yourself up for failure.
Enhance control layers for cloud security
First, let us describe some control layers that you...
Last month, I had the pleasure of presenting an ISMG webinar with Jeremy Scott on the benefits of mapping the Center for Internet Security Critical Security Controls (formerly known as the SANS 20 Critical Security Controls) with the Cyber Kill Chain® (as defined by Lockheed Martin), abbreviated as kill chain.
The webinar is based on the “Defense Strategies for Advanced Threats – Mapping the SANS 20 Critical Security Controls to the Cyber Kill Chain” white paper published by Solutionary.
As we continuously look at ways to better approach security challenges,...
Has your organization had a checkup lately?
Wellness programs promote the idea of regular checkups and preventive healthcare solutions for our physical wellbeing, so it seems to make sense for healthcare organizations to regularly perform security “wellness” checkups to ensure the safety of the healthcare information they are responsible for. A motivating factor for healthcare organizations to perform security checkups is the five significant healthcare data breaches that have occurred so far in 2015. These attacks have impacted a total of 99.3 million individuals, almost 70 percent of the 143.3 million individuals impacted by healthcare attacks since 2009.
Healthcare organizations need to be proactive and prepared to defend themselves against all types of attacks on healthcare information.
Healthcare Security Checklist
One way to be proactive and prepared is to perform periodic evaluations of security...
Recent SANS survey reveals major impediments to Incident Response efforts
A recent white paper, “The Race to Detection: A Look at Rapidly Changing IR Practices,” published by the SANS Institute and authored by Alissa Torres, sheds some reasonable light on the current state of incident response (IR) practices. The white paper surveyed a wide variety of incident response professionals for recommendations and experiences. All of the concerns from the various IR professionals resonated with what I have seen in my experience as an incident responder.
The report states that the threat landscape is rapidly changing, with many respondents to the survey reporting that cyber attackers are increasing in their sophistication and efficiency. In fact, many of the criminal organizations involved in cybercrime are adopting the same techniques and tools...
Developing Policy, Training Employees and Ensuring Compliance
Last week’s post, Lobby Security and Beyond – Week 6 of 7: Utilizing Signage Effectively, offered guidance on how to use signage as a communication tool. This final blog in the seven-week Lobby Security blog series covers the importance of defining and publishing policies, providing training to employees and ensuring compliance.
Policy
It is very important to develop policies regarding the physical security measures you implement. These policies will help to define your security standards, and ultimately integrate with your overall security plan. Once you define your policies, be sure to get executive sponsorship for those policies, and then publish and communicate the policies to the organization.
Two items not...