IaaS and the Shared Responsibility Model

  A note to vendors: Infrastructure as a Service (IaaS) != secure/compliant applications, it can, but doesn’t by default. Why are people putting their servers and applications in IaaS providers like AWS and Azure? They can get a cheap, fast and secured data center to host their servers/applications. But that doesn’t mean they get the same thing they would in a locally managed data center within their company.  Amazon lists… Read More »IaaS and the Shared Responsibility Model

NIST Guide for Cybersecurity Incident Recovery

NIST, National Institute for Standards and Technology, just released a new guide for incident response and recovery for a cyber security incident. What is a Cyber Security Incident? According to NIST Special Publication 800-61, Computer Security and Incident Handling Guide, an event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a web page, a… Read More »NIST Guide for Cybersecurity Incident Recovery

The Hitlist: Compliance

This post is focused on compliance and cyber security.¬† What we mean is if your organization is attempting to become compliant to an industry standard or regulation, these are things that will have to be considered and more than likely implemented across the board for things such as PCI-DSS, HIPAA, ISO27k, FISMA and more. ¬†Here is a hitlist for things to consider when planning to meet a compliance standard: 1.… Read More »The Hitlist: Compliance