Strong Authentication Considerations for Digital, Cloud-First Businesses

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets.  The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine. In this climate of advanced cyber threats and motivated cyber criminals, organizations need […]

Continue Reading

How DevOps and CIS Security Controls Fit Together

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though […]

Continue Reading

What Is GitOps and How Will it Impact Digital Forensics?

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex cloud […]

Continue Reading

Center for Internet Security (CIS) Controls v8: Your Complete Guide to the Top 18

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both […]

Continue Reading

What Is ISO/IEC 27017?

More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said that their organizations had suffered a severe cloud security data leak or breach in the past 12 months. Looking forward, eight in 10 survey participants […]

Continue Reading

How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004.  It was updated in December 2018 to revision 2. This was the result of a Joint Task […]

Continue Reading

CIS Control 18 Penetration Testing

Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has […]

Continue Reading