Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Policy compliance within the information security space can be an exhausting concept to wrap our heads around. Writing a policy document, publishing it to staff and then staying hands-on to ensure it is followed in perpetuity is easily seen as an arduous, if not an impossible, task. Policies set the basis for every successful information security initiative.

With the explosive growth of Microsoft 365, many companies are suddenly experiencing content sprawl at an unprecedented rate. What is content sprawl? It’s when your employees create unstructured content (files, chats, video) in the course of their workday, which then gets stored in multiple repositories, like SharePoint and OneDrive. Accelerate that in the context of a remote workforce, and you suddenly have content sprawling all over the place.

What if all your employees lost access to their data and tools right now? What if every platform you use to communicate with your staff and your customers went down right now? Companies rarely get an advanced warning that a disaster is about to strike. There is no time to prepare, and no time to protect your company from the fallout. That time has passed, and for companies without a business continuity plan, all that is left to do is lament how poorly prepared they were.

The Federal Risk and Authorization Management Program (FedRAMP) is a compliance program established by the US government that sets a baseline for cloud products and services regarding their approach to authorization, security assessment, and continuous monitoring.

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institute of Certified Public Accountants (AICPA).

With an escalating cybersecurity threat risk that doesn’t appear to be slowing down, the Department of Defense (DoD) has taken proactive measures in creating the Cybersecurity Maturity Model Certification (CMMC). The CMMC will soon be a requirement for any defense contractors or other vendors that are, or wish to be, working with the DoD .

Security log management is the process of collecting, storing, and correlating the network data that details all activity in your systems and networks. Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. The Center for Internet Security (CIS) identifies log management as a basic control for detecting malicious actors and software hiding in networks and on machines.

For years, the United Arab Emirates (UAE) has committed itself to adopting information technology (IT) and electronic communication. The UAE’s Telecommunications Regulatory Authority (TRA) noted that this policy has made the state’s government agencies and organizations more efficient as well as has improved the ability for individuals to collaborate around the world.