"Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind an ongoing Hosted Exchange outage described as an "isolated disruption.""
#vciso #ransomware #cybersecurity
CISA notifications are a great way to get the latest information about vulnerabilities. It's free to sign up! Great way to stay informed. #vciso #ciso #cybersecurity #vulnerabilities #cisa
Having a good third-party management policy and regular review is crucial in today's environment. Additionally, knowing and tracking all of your assets, while tough, is also a critical aspect of a mature cybersecurity program. According to this article, the "average enterprise uses 1400 cloud services". This can be a lot of leg work to track. An asset can be anything from a physical system to a virtual appliance and anything in between. Understanding what your assets are, what their vulnerabilities or weak points might be, can help you develop remediation strategies.
#vciso #cybersecurity #supplychain
Be very careful what you post online. While this is a funny comic, it's sadly true. Folks can over-share on social media and you never know who is watching. Never announce you'll be gone for long periods of time.
#cybersecurity #security #awareness
"The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe."
#vciso #ciso #cybersecurity #ftc
This is a rather frequent question, what is the difference between a policy and a procedure?
Polices are the guidelines for the way your organization may tackle a certain task. Let's say your organization has a policy for endpoint protection right? That policy might say "all endpoints must have antivirus, a firewall turned on, drive encryption enable and MFA" - The policy is going to govern how the endpoints are protected, but it's not going to spell out how that is accomplished.
That is where the procedure comes into play. The procedures cover "how" the policy is to be implemented. So your procedure for endpoint protection might read something like "First we install CrowdStrike (A/V), then we enable the local Windows Firewall, enable BitLocker and install Duo for MFA" - something along those lines. It's going to spell out what steps need to be taken to ensure the policy is met.
#vciso #cybersecurity #policies #procedures #ciso #infosec #achubbard #alexhubbard #achsysadmin #thecybersecuritymindset