Next week I have the privilege to speak at the Augusta ISSA chapter meeting on June 25th. I will talk about the 20 Security Controls and how they can be implemented in any organization. This presentation will introduce the 20 Security Controls and provide real examples of how they can be implemented by leveraging existing […]
What if Tomorrow Was the Day? – Repost
I recently had my first guest diary published on the SANS Internet Storm Center Diary. I have enjoyed the material on the ISC site for many years and consider it an honor to contribute. I hope this is helpful information that you can use to be better prepared for your next computer security incident.
Sweet Spot – Minimize the Number of Users with Domain or Local Administrator Privileges
Gaining access to administrative accounts is often the goal of an attacker. What can you do to ensure that only the appropriately trained and fully accountable people have and maintain administrative access on your systems? This effort must start with an accurate inventory of every account with elevated access and must be strictly maintained. The […]
Sweet Spot – Patch Applications
Attacks against applications are certainly a growing threat to organizations. Some argue that as system administrators become better at configuring and patching their systems, the application is the next logical target of attack. What can be done at little to no cost to help prevent these threats to your environment? Every application that is installed […]
Sweet Spot – Patch Operating Systems
Microsoft Windows Software Update Services (WSUS)provides automated patching of Microsoft operating systems and products. The WSUS administrator can schedule categories of patches and schedule their installation. Also included is a reporting feature that can send daily reports via email to administrators notifying them of new patch releases and the status of their installation across the […]
Find Your Sweet Spot
Version 3 of the SANS 20 Security Controls includes integration by the leadership of the Australian Defense Signals Directorate. This includes 35 Mitigation Strategies that were developed and prioritized to prevent targeted computer attacks. Four of these are listed as mandatory and are known as the Sweet Spot. These are Patch Applications, Patch Operating Systems, Minimize the […]