Tag Archive for: Compliance

10 Tips for Better Security and Easier Compliance


During the past couple of weeks, we’ve been publishing daily tips to help you improve your cybersecurity and ease your path to compliance with frameworks such as SOC 2 and ISO 27001. We thought we’d kick off 2023 by providing all 10 tips in a consolidated list.

Tip #1: Security Awareness Training for All

Both SOC 2 and ISO 27001 require you to deliver security awareness training to your employees. A learning management system (LMS) such as Curricula or Infosec IQ can help you deliver the training and document having done so.

Tip #2: Scan Your Cloud-Based Services for Vulnerabilities

The cloud-based services your company uses can include vulnerabilities that can disrupt or damage your operations, so you need to be able to scan for, identify and resolve any such risks. The leading hyperscalers, or large-scale cloud service providers, offer tools for this important task.

Tip #3: Manage Your Onboarding (and Offboarding)

You want to ensure your onboarding and offboarding processes are consistent, efficient and timely. Such features can improve recruitment and retention. They can also improve framework compliance and security by ensuring everyone knows the rules and the penalties for not following them. A human resource information system (HRIS) such as TriNet can help. 

Tip #4: Cover Your Assets

You need to maintain an accurate and complete asset inventory because you can’t manage or secure what you don’t know you have. You also need to manage and secure all mobile devices for framework compliance and better security. Jamf is an example of a popular mobile device management (MDM) solution for Apple devices. And if your users’ devices include Mac laptops, FileVault is built-in disk drive encryption, another layer of protection. Investigate similar solutions and features for all your assets, mobile or not.

Tip #5: Background Checks for All New Hires

SOC 2 and ISO 27001 both require them. Tools such as Checkr make them easier to execute and document.

Tip #6: Check Your Vendors’ Compliance

AWS, Google, and Microsoft are all SOC 2 compliant and ISO 27001 certified. You need to ensure all your other vendors are too, for better security and to meet framework requirements….


CISO Topics: Mobile Security & Data Privacy in Enterprises



Why discovery is the key to both cybersecurity and compliance


When it comes to modern cybersecurity, many security analysts see the network as their friend, one of their strongest lines of defense. In reality, the network is just as often the enemy, hiding vulnerabilities and obscuring the information you need to defend your enterprise.

But by using existing (and often ignored) tools plus a few others, that network can again be a trusted ally.

Two Infoblox senior specialists, Bob Rose (Sr. Product Marketing Manager, DDI & Value-Added Services) and Bob Hansmann (Sr. Product Marketing Manager, Network Security), did a podcast together where they explored how security teams can gain far better visibility and, therefore, far tighter security and much easier compliance.

What did they discuss? Let’s start with DHCP error messages.

“Let’s say you get a DHCP server error message. It could be that the server fails in a network where you only have one DHCP server. Or it might be where all available addresses have been allocated. That’s another cause for DHCP failure. It could be that your network server failed,” Rose detailed. “It could be that there was a configuration change that affected the DHCP packet relay. You know that that happens on occasion. Or perhaps there’s another configuration mistake that happened during a new installation a little bit later.”

That’s all within the system, with technology not playing well with other technology. Then there are the many end-user hiccups, including glitches from IT.

“People are making configuration errors. Now there are products out there that will test your configuration. Those are still evolving because even as we were preparing to go live today, you’re talking about some tools that we all use. Consider the Facebook management platform. They just changed their whole UI, the platforms and those tools to do that,” Hansmann said. “They exist but they’re all in such a chaotic level of evolution, that we still have this configuration error problem. There are now vulnerabilities because somebody configured something wrong. So having just this management history here of knowing who did what, but it also applies if I trace the incident because of a vulnerability in some system where…


Indian Business Leaders Say Hybrid Cloud is Critical to Modernization, Yet Security, Skills and Compliance Concerns Impede Success


New market research from IBM revealed that in India 85% of respondents have adopted a hybrid cloud approach which can help drive digital transformation, yet the majority of responding organizations are struggling with the complexity to make all their cloud environments work together. As organizations face skills gaps, security challenges, and compliance obstacles, only 30% of Indian respondents manage their hybrid cloud environments holistically – which can create blind spots and put data at risk.

The IBM Transformation Index: State of Cloud, commissioned by IBM and conducted by the independent research firm The Harris Poll, was created to help organizations map their cloud transformation and empower them to self-classify their progress. Built on a foundation that leverages insights from experienced cloud professionals, enterprises can use the Index to gain measurable metrics that can help quantify their progress and uncover areas of opportunity and growth. The Index surveyed more than 3,000 business and technology decision-makers from 12 countries and across 15 industries, including financial services, manufacturing, government, telecommunications and healthcare, to understand where organizations are advancing, or merely emerging, on their transformation journeys.

The Index points to a strong correlation between hybrid cloud adoption and progress in digital transformation. In fact, 76% of those surveyed think it’s difficult to realize the full potential of a digital transformation without having a solid hybrid cloud strategy in place. At the same time, only 39% of Indian respondents said that they have proven the benefits of the cloud and are now focused on using it more fully. So, why the disconnect? A sample of findings include:

  • Compliance: Businesses believe ensuring compliance in the cloud is currently too difficult, especially as we see enforcement of regulatory and compliance requirements heat up across the globe.
  • Security: While businesses have embraced a variety of security techniques to secure workloads in the cloud, concerns about security still remain.
  • Skills: As organizations face the realities of a talent shortage, they are failing to implement a holistic…
