Next week I have the privilege to speak at the Augusta ISSA chapter meeting on June 25th. I will talk about the 20 Security Controls and how they can be implemented in any organization. This presentation will introduce the 20 Security Controls and provide real examples of how they can be implemented by leveraging existing […]
Sweet Spot – Patch Applications
Attacks against applications are certainly a growing threat to organizations. Some argue that as system administrators become better at configuring and patching their systems, the application is the next logical target of attack. What can be done at little to no cost to help prevent these threats to your environment? Every application that is installed […]
Sweet Spot – Patch Operating Systems
Microsoft Windows Software Update Services (WSUS)provides automated patching of Microsoft operating systems and products. The WSUS administrator can schedule categories of patches and schedule their installation. Also included is a reporting feature that can send daily reports via email to administrators notifying them of new patch releases and the status of their installation across the […]
Find Your Sweet Spot
Version 3 of the SANS 20 Security Controls includes integration by the leadership of the Australian Defense Signals Directorate. This includes 35 Mitigation Strategies that were developed and prioritized to prevent targeted computer attacks. Four of these are listed as mandatory and are known as the Sweet Spot. These are Patch Applications, Patch Operating Systems, Minimize the […]
Control 17: Penetration Tests and Red Team Exercises
Penetration testing is often confused with vulnerability assessments, as mentioned in Control 10. Penetration testing differs in that it involves attempted exploitation. Just like in Control 10, penetration testing should occur in each network zone to ensure adequate coverage. Track all open issues and document through confirmed remediation of all issues to be corrected. Determine […]
Control 16: Secure Network Engineering
Secure networks do not appear by accident. It starts with thoughtful planning and sound engineering principles. Seek out flaws in the current network design as an attacker would and correct all of the faults found in its design. By being intentional and meticulous, a true design can emerge and more importantly it will persist. A […]