January 2018 archive
"Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption.""
https://www.bleepingcomputer.com/news/security/rackspace-confirms-outage-was-caused-by-ransomware-attack/
#vciso #ransomware #cybersecurity
20 hours ago
CISA notifications are a great way to get the latest information about vulnerabilities. It's free to sign up! Great way to stay informed. #vciso #ciso #cybersecurity #vulnerabilities #cisa
https://www.cisa.gov/uscert/mailing-lists-and-feeds
1 week ago
I got a good chuckle out of this. Be careful what you click on. Phishing messages are getting trickier and trickier. #vciso #securityawareness #phishing
1 week ago
Having a good third-party management policy and regular review is crucial in today's environment. Additionally, knowing and tracking all of your assets, while tough, is also a critical aspect of a mature cybersecurity program. According to this article, the "average enterprise uses 1400 cloud services". This can be a lot of leg work to track. An asset can be anything from a physical system to a virtual appliance and anything in between. Understanding what your assets are, what their vulnerabilities or weak points might be, can help you develop remediation strategies.
https://www.darkreading.com/attacks-breaches/the-next-generation-of-supply-chain-attacks-is-here-to-stay
#vciso #cybersecurity #supplychain
2 weeks ago
Be very careful what you post online. While this is a funny comic, it's sadly true. Folks can over-share on social media and you never know who is watching. Never announce you'll be gone for long periods of time.
#cybersecurity #security #awareness
2 weeks ago
"The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe."
https://www.ftc.gov/news-events/news/press-releases/2022/11/ftc-extends-deadline-six-months-compliance-some-changes-financial-data-security-rule
#vciso #ciso #cybersecurity #ftc
2 weeks ago
This is a rather frequent question, what is the difference between a policy and a procedure?
Polices are the guidelines for the way your organization may tackle a certain task. Let's say your organization has a policy for endpoint protection right? That policy might say "all endpoints must have antivirus, a firewall turned on, drive encryption enable and MFA" - The policy is going to govern how the endpoints are protected, but it's not going to spell out how that is accomplished.
That is where the procedure comes into play. The procedures cover "how" the policy is to be implemented. So your procedure for endpoint protection might read something like "First we install CrowdStrike (A/V), then we enable the local Windows Firewall, enable BitLocker and install Duo for MFA" - something along those lines. It's going to spell out what steps need to be taken to ensure the policy is met.
#vciso #cybersecurity #policies #procedures #ciso #infosec #achubbard #alexhubbard #achsysadmin #thecybersecuritymindset
2 weeks ago
3 steps to protect your data
- Separate and classify your data
- Encrypt your data
- Purge your data
#vciso #encryption #datasecurity #cybersecurity
3 weeks ago
Phishing can be sophisticated. Think before you click.
#vciso #cybersecurity #phishing
3 weeks ago