by Tim Marley As we move into CIS Control 6, Access Control Management, we're going to spend the next several weeks discussing how organizations determine who gets access to what. We begin with Safeguard 6.1: Establish an Access Granting Process. At first glance, this...
Trending at Forthright.
CIS IG1 5.4: How Everyday Admin Access Turned a Phish Into a Crisis
by Heath Gieson CIS IG1 Safeguard 5.4 states that administrator privileges should be restricted to dedicated administrator accounts, and that general computing activities such as email, internet browsing, and productivity work should be performed from a user’s...
CIS IG1 5.3 Dormant Accounts Are a Process Failure
by Heath Gieson Years ago, I worked with a client to implement multi‑factor authentication across their organization. As part of the project, they gave us a list of users who required MFA and explained that this represented all the active users in the business....
CIS IG1 Safeguard 5.2: Why Unique Passwords Still Matter in a Multi-Factor World
by Heath Gieson CIS Safeguard 5.2 is deceptively simple on the surface: Use unique passwords for all enterprise assets. Best practice implementation includes, at a minimum, an 8-character password for accounts using Multi-Factor Authentication (MFA) and a...
Security Complexity Is an Operational Risk
by Heath Gieson Most organizations do not set out to create a complex security environment. It usually happens one reasonable decision at a time. A new tool is added after an incident. Another is purchased to satisfy an audit finding. A third comes bundled with a...
You Can’t Manage What You Can’t See
by Tim Marley As we move into CIS Control 5, Account Management, we're going to spend a few weeks working through the individual safeguards. We're...
CIS IG1 Control 4.7: Manage Default Accounts on Enterprise Assets and Software
by Heath Gieson As we continue through the CIS IG1 controls, a consistent pattern keeps...
More Updates Don’t Mean More Risk — They Mean Better Security
Why More Updates Are Coming — and Why That’s a Good Thing Over the next several weeks, organizations are likely to notice something familiar but...
CIS IG1 Control 4.6: Securely Managing Network Gear
When the Management Plane Becomes the Attack Plane by Heath Gieson A few years ago, I was sitting in a conference room with an executive team after...
Why “Default Closed” Is a Business Advantage: CIS IG1 Controls 4.4 and 4.5
by Heath Gieson Some attacks are sophisticated. Weeks of reconnaissance, carefully crafted messages, and quiet exploitation in the...
The Unlocked Screen in the Corner Office: What CIS Control 4.3 Requires and Why Biometrics Make It Easier Than You Think
by Heath Gieson Some attacks are sophisticated. Weeks of reconnaissance, carefully crafted phishing emails, vulnerabilities quietly exploited in the...
Secure by Design, Not by Accident: CIS Controls 4.1 & 4.2
by Heath Gieson Every device you deploy and every application you install arrives configured for ease of use, not security. When was the last time...
CIS IG1 Control 3.6: Encrypt Data on End User Devices—Because Lost Doesn’t Have to Mean Exposed
by Heath Gieson As we continue our weekly journey through the CIS IG1 controls, each safeguard builds on the operational foundations we’ve been...
Global Conflicts Escalate: 4 Critical Cybersecurity Changes For Businesses
When geopolitical tensions rise, widespread cyber activity follows. Recent attacks connected to events involving Israel, the Gulf States, and India...