Cyber Security Blog: Cyber Security, IT security, Network Security, Website Security, and Risk Assessment Services

Blog Categories

Security Governance - Align security with the organization
Security Manager - Managing the security process
Organization Manager - Risk management and compliance
Security Engineer - Top 10 Lists and Technical Tips

	Security Governance - align security with the organization Security Policy Templates - Security Governance Security policies help ensure systems and data are protected from accidental or intentional actions that impact information availability, confidentiality, or integrity. For many organizations, creating security policies can be time and cost prohibitive. In addition, an organization may not have the knowledge or experience needed. Fortunately, a better solution exists - security policy templates ready made to help organizations meet security and compliance requirements. Tags: security policies \| information security policy \| cyber security policy \| it security policy \| security policy templates Security Policies - Manage your Risks Security policies are documents developed and implemented by an organization to manage security related risks, meet business requirements, and comply with regulations. Security policies specify the controls and actions to be performed (what needs to be done) and are approved by senior management to ensure they are in line with the organization's overall level of risk tolerance. Are your security policies sufficient and effective? Tags: security policies \| information security policy \| cyber security policy \| it security policy \| security policy templates Start with Security Policies Many businesses use an ad-hoc approach to securing information. Policies and procedures help organizations manage and control information security risks. Tags: security policies \| policies and procedures \| information security policy \| security policy \| security policy template Privacy and Compliance, Who Owns the Data? When a security breach occurs, who owns the data and whose information has been compromised? Is it the organization’s or the customer’s information? privacy \| privacy compliance \| privacy audit \| data ownership Top 10 IT Audit Questions and Answers Security audits help organizations meet compliance and security requirements. Make the most of your IT audit by knowing the top 10 IT audit questions and answers. security audit \| it audit \| network security audit \| security audit q&a \| security audit questions and answers \| security audit top 10
	Security Manager - managing the security process IT Audit - Identify and Reduce your Risks IT audits help identify risks and ensure security controls are sufficient and effective at protecting your systems and data. IT audits help ensure information availability - systems and data are available when needed, confidentiality - information is available only to authorized parties, and integrity - information is accurate, complete, and safeguarded from intentional, unauthorized, or accidental modification. Tags: it audit \| security audit \| it security \| cyber security \| network security \| data security Top 10 Network Security Audit Considerations Network security audits help organizations identify security risks to systems and data, meet compliance requirements, and provide peace of mind to the organization and its customers. Find out the Top 10 network security audit considerations. Tags: network security audit \| it audit \| it security audit \| network security \| cyber security audit Why the Internet of Things (IoT) is a Risk to Your Organization Many organizations adopt Internet of Things (IoT) devices without fully recognizing privacy issues, risks involved, security challenges, and regulatory requirements. Traditional security concepts (e.g. vulnerability management, patch management, change management, etc.) that apply to network infrastructures are not sufficient and need additional controls when implementing IoT devices. Tags: internet of things \| iot \| internet of things risks \| iot risks How Much is your Data Worth? Many organizations use a bottom up approach to security. They implement firewalls, passwords, anti-virus protection, and backups. Without fully knowing the value of their data, security systems may not be properly aligned with the needs of the organization. Tags: data worth \| align security \| security controls \| network security audit The Perimeter Isn't Secure, Encrypt Your Data Hackers and unauthorized intruders use creative ways to by-pass security systems and gain access to data. Even with all of the appropriate controls in place your organization may still be at risk of a security breach. Use encryption to protect your data and you may also be exempted from various state and federal data breach notification laws. Tags: data breach \| data encryption \| breach notification \| database encryption \| data security Penetration Testing - Do you Know the Question? An information security penetration test (pen test) is a systematic probing of a system for vulnerabilities. In most instances, the assessment is performed externally, from a remote location. Do you know the answer to the most important question? Tags: penetration testing \| pen test \| penetration test \|external security audit Ransomware - Hackers are Holding your Data Hostage Ransomware can encrypt files on hard drives, lock the computer, and display messages enticing the computer user to pay a fee. Take steps to protect your valuable data. Tags: ransomware \| cryptolocker \| security audit \| security assessment Website Security and Web Application Security If automated vulnerability scanners caught all security risks, hackers would be out of business and security personnel wouldn't have much to do. In reality, automated vulnerability scanners are only one tool used in the process of identifying and managing security risks. Tags: website security \| web site security \| penetration test \| website security audit Security Audits - a Subscription Security is an on-going process and leading organizations are taking a subscription approach to security assessments. With new vulnerabilities discovered on a daily basis, a system that is secure one day may be completely wide open the next. Tags: network assessment \| security assessment \| security audit \| website security audit \| penetration test \| pen test Physical Security Enhances Information Security Business executives are concerned about protecting their sensitive data and intellectual property. In addition to implementing firewalls and anti-virus solutions, management needs to be aware of physical security threats. Tags: risk assessment \| physical security \| physical security audit \| physical security assessment Security Suite or Best of Breed? When choosing an enterprise security solution for your organization is it better to choose an all encompassing security suite from one vendor or select the best software in each class even if it means using a number of different vendors? Tags: risk assessment \| security software \| security suite \| antivirus software Five Steps to Securing Sensitive Information Safeguarding sensitive data helps ensure that you meet your obligation to your customers, affiliates, and employees. Altius IT's five Simple steps you can take to secure sensitive information. Tags: information security \| data security \| network security A SMART Guide to Managing Social Media Risks Altius IT's SMART guide is a five step approach to managing social media risks that can lead to information disclosure, compromise of your data, and loss of system availability. Tags: social media security \| social networking security \| social networking threats \| social networking risks
	Organization Manager - Risk management and compliance Security Policies - Manage your Risks Security policies are documents developed and implemented by an organization to manage security related risks, meet business requirements, and comply with regulations. Security policies specify the controls and actions to be performed (what needs to be done) and are approved by senior management to ensure they are in line with the organization's overall level of risk tolerance. Are your security policies sufficient and effective? Tags: security policies \| information security policy \| cyber security policy \| it security policy \| security policy templates Top 15 Mobile Device Threats Smartphones and mobile devices may contain sensitive data such as credit card numbers, authentication information, personal data, and activity logs (i.e. calendar events, tasks, call logs). Discover the Top 15 Mobile Device Threats that can compromise the integrity of the device, disclose personal information, and result in unauthorized wireless charges. Tags: mobile device \| smartphone \| threats \| vulnerabilities What to do if You've Been Hacked Hackers, competitors, crime syndicates, and nation states all want your data. It is important to have security safeguards and controls but what do you do if you've been hacked? Tags: hacked \| data breach \| attack \| compromised Compliance Does Not Equal Security Many business managers assume that meeting compliance requirements and regulations means that the organization has sufficient and effective controls in place to protect against security breaches. Unfortunately, compliance does not equal security. Tags: compliance audit \| data security \| it audit \| network security audit Identity Theft - Protect Customer Information Identity theft involves the unauthorized acquisition of a person's personally identifiable information (PII). Security breaches are one of the main sources of identity theft. Take these steps to protect sensitive information from a security breach. Tags: identity theft \| ID theft \| identity fraud \| data breach \| cybersecurity A Customer Centric Approach to Patching Systems Customers demand more than features and functionality. Top down management support is needed to migrate to a customer focused approach by addressing security vulnerabilities in a timely manner. Tags: patch management \| software patching \| software as a service \| security patching \| customer security \| client security Risk Management in Five Easy Steps IT risk management includes all of the activities that an organization carries out to manage information technology related risks. For many organizations, IT risk management can be performed in five easy steps. Tags: risk management \| risk assessment \| risk treatment Cloud Computing - Thunder and Lightning on your Horizon? With Cloud Computing, your staff uses browsers to access software that runs outside the organization on Internet servers. Like any technology, Cloud Computing and Software as a Service (SAAS) has its risks. Tags: cloud computing \| risk assessment \| software as a service \| saas Start with Security Policies Many businesses use an ad-hoc approach to securing information. Policies and procedures help organizations manage and control information security risks. Tags: security policies \| policies and procedures \| information security policy \| security policy \| security policy template Compliance and Database Risk Management Sarbanes-Oxley (SOX), California Senate Bill 1386, HIPAA, PCI, the Gramm-Leach-Bliley (GLB) Act, and other regulations were enacted to help protect information. Are you restricting access to sensitive information? Tags: network security audit \| compliance audit \| database audit \| risk management Mitigating Information Security Risks IT systems are a double edge sword. Not only do they increase employee productivity and reduce costs, they also increase risks as intellectual property and sensitive information are stored in a central location. There is more than one way to address each risk. Tags: risk reduction \| mitigate risks \| risk activities \| eliminate risks \| risk management Smartphone Security Today's smartphones come with advanced features such as the ability to connect to the Internet, download applications, store pictures and videos, use wireless connectivity, etc. While smartphones increase productivity, they also come with risks. Tags: smartphone security \| cell phone security \| phone security \| mobile device security Mobile Payment Solutions and Risks Mobile payment solutions are a quick and easy way to make retail purchases. For the service provider, imagine the benefits of being able to track consumer buying history with their current location. While payment solutions offer convenience, they also come with risks. Tags: mobile payment \| smartphone payment \| cell phone payment \| electronic wallet Social Engineering and Social Networking - Your Users are a Target Social engineering and social networks can be used to manipulate your staff into performing actions or divulging confidential information. Security education and awareness training help educate your users of the risks they face and the impact on the organization. Tags: social engineering \| social networking \| social networks \| user security training \| risk assessment \| social engineering assessment Are you Managing your E-mail Risks? E-mail is critical to the success and operation of most organizations. Without e-mail, organizations are less efficient and can’t compete against larger, and more established firms. Are you aware of all of your e-mail risks? Tags: risk assessment \| email risks \| email risk management Are you Maximizing your Cloud Opportunities? Cloud technology has expanded and allows almost any IT related resource to be offered as a service. By knowing the types of Cloud environments available, you can make informed business decisions and ensure you are maximizing your use of the Cloud. Tags: cloud environment \| software as a service \| saas \| types of clouds \| everything as a service \| anything as a service
	Security Engineer - Top 10 lists and technical tips Chip Security Vulnerabilities Chip manufacturers have disclosed vulnerabilities in their software that can lead to unauthorized disclosure of sensitive information. The vulnerability exists in workstations, servers, cloud computing environments, and mobile devices. Tags: chip security vulnerabilities \| intel chip vulnerability \| amd chip vulnerability \| arm chip vulnerability Heartbleed OpenSSL Vulnerability On a daily basis users rely on encryption to protect their sensitive data. A vulnerability in the way encryption is handled may result in the unauthorized disclosure of IDs, passwords, credit card data, session cookies, and other sensitive information. Tags: heartbleed \| openssl \| memory bug \| encryption vulnerability Top 10 Cybersecurity and Network Security Tips Altius IT's Top 10 tips to securing your sensitive data and intellectual property help identify and quantify IT related strengths and weaknesses and helps you focus on those areas that create the most value for your firm. Tags: top 10 security tips \| hackers \| network security audit \| risk assessment \| security assessment Top 10 Hacker Tools and Techniques By understanding how hackers gain access to systems, organizations can stay a step ahead and ensure information availability, integrity, and confidentiality. Altius IT's list of the Top 10 Hacker Tools and Techniques. Tags: Top 10 hacker tools \| hacker tricks \| hacker techniques Top 10 Cloud Computing Threats With 24x7 availability and accessible by almost any device with a browser, cloud computing allows organizations to scale their IT infrastructure and software applications as needed. However, like any technology, cloud computing has its risks. Tags: cloud computing \| cloud computing threats \| cloud computing threats \| cloud risks Top 10 Wireless Network Risks Many organizations are installing and implementing wireless networks. To help business managers make informed decisions, Altius IT provides our list of the Top 10 wireless network risks. Tags: Top 10 wireless network \| wireless network risks \| wireless network security Top 10 User Wi-Fi Safeguards Your users are your first line of defense. They need to play an active role in helping to protect information systems. We provide the Top 10 steps uses should take when using wireless networks. Tags: wi-fi network \| wireless networks \| wi-fi connectivity \| mobile computing \| wireless communications Top 10 Windows Vulnerabilities By understanding Windows based vulnerabilities, organizations can stay a step ahead and ensure information availability, integrity, and confidentiality. Altius IT's list of the Top 10 Windows Vulnerabilities. Tags: Top 10 Windows vulnerabilities \| security audit \| security assessment \| network security \| workstation security