How DevOps and CIS Security Controls Fit Together

The Center for Internet Security’s Critical Security Controls has become an industry standard set of controls for securing the enterprise. Now on version 8, the original 20 controls are down to 18 with several sub controls added. The first six basic controls can prevent 85 percent of the most common cyber attacks, and even though […]

Continue Reading

What Is GitOps and How Will it Impact Digital Forensics?

GitOps is arguably the hottest trend in software development today. It is a new work model that is widely adopted due to its simplicity and the strong benefits it provides for development pipelines in terms of resilience, predictability, and auditability. Another important aspect of GitOps is that it makes security easier, especially in complex cloud […]

Continue Reading

Center for Internet Security (CIS) Controls v8: Your Complete Guide to the Top 18

The Center for Internet Security (CIS) controls are a relatively short list of high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve its cyber defense. Initially developed by the SANS Institute and known as the SANS Critical Controls, these best practices are indispensable to organizations both […]

Continue Reading

What Is ISO/IEC 27017?

More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said that their organizations had suffered a severe cloud security data leak or breach in the past 12 months. Looking forward, eight in 10 survey participants […]

Continue Reading

How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for “Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach,” which has been available for FISMA compliance since 2004.  It was updated in December 2018 to revision 2. This was the result of a Joint Task […]

Continue Reading

CIS Control 18 Penetration Testing

Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has […]

Continue Reading

The Cyber Assessment Framework: Guided Cyber Resilience

Remember how, just a few years ago, many organizations were striving to be cyber secure? Over the last years, it seemed that crowing about one’s cybersecurity posture became the very thing that mocked every organization that was the victim of a newsworthy compromise. Many organizations began augmenting their previously acclaimed security posture towards one of cyber […]

Continue Reading

CIS Control 16 Application Software Security

The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to bypass network […]

Continue Reading