Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How to Build a Cybersecurity Awareness and Training Program

Cybersecurity professionals possess many tools to reduce risk. However, it is no accident in a field so concerned with technology that technological tools are often prioritized over others: as the Law of Instrument says, “if the only tool you have is a hammer, it is tempting to treat everything as if it were a nail.” Therefore, cybersecurity professionals should not neglect the other tools, such as awareness and training.

So, You Want to be Compliant. Now What?

Cybersecurity compliance frameworks serve two functions: (1) they voluntarily provide a roadmap for organizations to follow to create robust, sustainable cybersecurity programs and (2) they mandatorily serve as legal or regulatory obligations to which organizations must demonstrate adherence. The ultimate intent of cybersecurity frameworks, regardless of their underlying function, is to reduce cybersecurity risk.

Highlights from The Rochester Security Summit 2023

October’s a fun month in the cybersecurity field, and not just because of the costumes and candy. Since it was designated as the National Cybersecurity Awareness Month in 2004, October’s always packed with great events, such as the Rochester Security Summit (RSS). RSS has been a leading regional cybersecurity conference in Upstate New York since 2006, where hundreds of attendees gather to share about the latest advancements in the field.

What is Zero Trust

Zero Trust is a cybersecurity philosophy that rejects the idea of offering implicit trust to traffic based on network location. In other words, Zero Trust views all traffic as potentially malicious, regardless of whether it originates from a traditionally trusted network source, and therefore requires all traffic to be scrutinized to determine whether access should be granted to a specific resource.

Say Hello to the NIST CSF 2.0

In August, NIST released the final draft of the highly anticipated update to its Cybersecurity Framework (CSF). The final draft is likely very close to what the final version will be when NIST releases it in early 2024. Therefore, it’s worth becoming familiar with the draft and beginning to plan how to use the NIST CSF 2.0 as a tool to strengthen your own cybersecurity posture.

Vulnerability Management - What you need to know

Vulnerability management (VM) is the process of detecting, prioritizing, remediating, and auditing security vulnerabilities in systems and software. This critical process minimizes the organization’s “attack surface” by installing the most current software updates and properly hardening computer configuration.

Network Detection and Response: Your FAQ's Answered

NDR provides another layer of visibility into what has or is currently happening on the network. Through this lens, you can detect threats that may be missed with perimeter and host-based tools such as firewalls, logs, and endpoint detection. You can also monitor devices that cannot be monitored through logs or have agents deployed on them, such as many IoT devices. NDR enables threat hunting through packet data, providing an authoritative source for validation.

What's in the Proposed Amendment to 23 NYCRR 500?

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.