A Vulnerability Scanner Is Not a Vulnerability Management Program As we move into CIS Control 7, Continuous Vulnerability Management, we're going to spend several weeks discussing how organizations identify and address weaknesses in their technology environments. We...
Trending at Forthright.
CIS IG1 Safeguard 6.5: Require MFA for Administrative Access
by Heath Gieson This final article in the MFA mini‑series focuses on the accounts that hold the highest level of trust within an environment. The previous safeguards address where and how access occurs. This safeguard focuses on who holds the keys....
Why 84% of Companies Fail at Digital Transformation. And Why That Number Hasn’t Moved.
Why 84% of Companies Fail at Digital Transformation. And Why That Number Hasn't Moved. By: Frank Merino Nearly a decade ago, Forbes published a survey finding that 84% of companies fail at digital transformation. Since then we've gotten better cloud platforms, better...
CIS IG1 Safeguard 6.4: Require MFA for Remote Network Access
by Heath Gieson This article continues our CIS IG1 identity series by extending MFA protections beyond public applications and into the pathways users rely on to connect back to internal systems. If externally‑exposed applications define the front door, remote...
CIS IG1 Safeguard 6.3
Require MFA for Externally‑Exposed Applications This article is part of our ongoing CIS IG1 series focused on practical, high‑impact security controls. In this section of the framework, identity takes center stage. Rather than focusing on new tools or complex...
CIS IG1 Control 6.2 – Establish an Access Revoking Process
by Heath Gieson If access granting is where intent is established, access revoking is where discipline is revealed. Most organizations do not...
Access Control Management: Access Should Be Granted Intentionally
Access Should Be Granted Intentionally By Tim Marley As we move into CIS Control 6, Access Control Management, we're going to spend the next several...
CIS IG1 5.4: How Everyday Admin Access Turned a Phish Into a Crisis
by Heath Gieson CIS IG1 Safeguard 5.4 states that administrator privileges should be restricted to dedicated administrator accounts, and that...
CIS IG1 5.3 Dormant Accounts Are a Process Failure
by Heath Gieson Years ago, I worked with a client to implement multi‑factor authentication across their organization. As part of the project,...
CIS IG1 Safeguard 5.2: Why Unique Passwords Still Matter in a Multi-Factor World
CIS IG1 Safeguard 5.2: Why Unique Passwords Still Matter in a Multi-Factor World By Heath Gieson CIS Safeguard 5.2 is deceptively simple on the...
Security Complexity Is an Operational Risk
Security Complexity Is an Operational Risk by Heath Gieson Most organizations do not set out to create a complex security environment. It usually...
You Can’t Manage What You Can’t See
by Tim Marley As we move into CIS Control 5, Account Management, we're going to spend a few weeks working through the individual safeguards. We're...
CIS IG1 Control 4.7: Manage Default Accounts on Enterprise Assets and Software
by Heath Gieson Manage Default Accounts on Enterprise Assets and Software As we continue through the CIS IG1 controls, a consistent pattern keeps...
More Updates Don’t Mean More Risk — They Mean Better Security
Why More Updates Are Coming — and Why That’s a Good Thing Over the next several weeks, organizations are likely to notice something familiar but...




