by Heath Gieson CIS IG1 Safeguard 5.4 states that administrator privileges should be restricted to dedicated administrator accounts, and that general computing activities such as email, internet browsing, and productivity work should be performed from a user’s...
by Tim Marley As we move into CIS Control 5, Account Management, we're going to spend a few weeks working through the individual safeguards. We're starting with 5.1: Establish and Maintain an Inventory of Accounts. This control comes back to a principle we've already...
by Heath Gieson Manage Default Accounts on Enterprise Assets and Software As we continue through the CIS IG1 controls, a consistent pattern keeps emerging. Many security incidents don’t begin with advanced techniques or sophisticated tooling. They start with simple,...
Why More Updates Are Coming — and Why That’s a Good Thing Over the next several weeks, organizations are likely to notice something familiar but more pronounced than usual: an uptick in software updates across devices, operating systems, browsers, and applications....
When the Management Plane Becomes the Attack Plane by Heath Gieson A few years ago, I was sitting in a conference room with an executive team after what everyone thought was a routine network outage. We started examining the firewall that had been in place for years....
by Tim Marley Over the last few weeks, we have been building the foundation of a responsible data management program. In CIS Control 3.1, we talked...
by Tim Marley Over the last few weeks, we have talked about knowing what data you have and who has access to it. CIS Control 3.1 – We discussed the...
by Tim Marley We have spent the last two weeks in the CIS Controls series talking about data management and data inventory. Knowing what you are...
by Heath Gieson It usually starts the same way. An alert comes in overnight. Maybe it is an email from a security vendor. Maybe it lands in a shared...
by Tim Marley Last week we talked about data management at a high level. The operating model, the responsibility, the reality that organizations are...
by Heath Gieson For healthcare organizations, cybersecurity and compliance are no longer just IT concerns—they are material financial risks...
by Tim Marley Over the course of my career, and particularly in the last five to ten years, the topic of data management comes up frequently....
Most organizations assume that corporate devices only run approved software. In reality, that assumption is often wrong. Users are inherently...
Most security conversations focus on what software exists in an environment. CIS Control 2.2 pushes the conversation one step further by asking a...
