Time again for my annual list of information security tips and tricks for keeping your identity and information safe over the holidays and all year round.
It Ain’t Over Till It’s Over
And it’s never over… If the log4j crisis has proven anything, it is why the Center for Internet Security (CIS®) Top 18 controls are so vital. Rather than mandating controls to counter every possible attack vector (NIST 800-53 et al.), the CIS Top 18 controls are periodically refreshed and reprioritized based on real-world …
Additional steps to remediate log4j
Log4j remediation is much more than just patching. Here are additional steps you may not have considered in your Log4j response: Do you know if you have Log4j, or any of the other libraries in which Log4j is embedded, in the apps you have developed internally? (You do have a way to track and manage …
No organization is immune
PwC’s timeline of the days leading up to the deployment of Conti ransomware on May 14. PwC, as reported by Brian Krebs, conducted a great post-mortem analysis of the ransomware attack on Ireland's public health system. It highlights two persistent failures that I see consistently. For all the harping on log4j (the latest disaster …
HRM Draft: Chapter 4 – Know Their Attacks
Once you know which threats are most concerning to your business, you next need to look at the common ways in which these attacks are carried out. The aim of this chapter is to teach you the primary means by which threat actors attack organizations. You will use this knowledge in the next chapter to …