12

Feb 2019

Phantom Users: Deception and Pass the Hash Attacks

Deception in cyber defense Using deception in cyber defense isn’t a new concept. Honeypots, computers with false data designed to have vulnerabilities to lure attackers to keep them occupied, have been around since before the turn of the century. Honeynets, networks of honeypots intended to mimic a legitimate network, were not far behind. By providing some “low-hanging fruit” for attackers to spend their time on,...

Read More


06

Feb 2019

In-House SOC or MSSP?

With every study and high-profile data breach publicized, it becomes more apparent that companies need to make protecting their systems more diligently. This leads to the question of whether an organization should go with an in-house SOC or MSSP (managed security service provider). In this article we will discuss considerations for each. Is My Organization at Risk of Cyber Attack? A survey conducted by KPMG...

Read More


31

Jan 2019

How Managed Security Can Help Reach PCI Compliance

The PCI DSS standard is designed to ensure the security of credit card data. Any organization that stores, transmits, or processes credit card information must comply with the requirements of the PCI DSS standard. The organization must pass third-party audits designed to test this compliance. What Do I Need to Do for PCI Compliance? In order to be compliant with PCI DSS, an organization needs...

Read More


22

Jan 2019

Implementing Defense in Depth in the Cloud

Many companies assume their cloud vendor is responsible for and has adequate tools, policies and procedures in place for protecting the data with which they are entrusted. While this is true to some extent, consumer data protection laws such as GDPR hold the owner of the data responsible if the cloud service is compromised. “Using cloud services does not transfer the company’s risk to the...

Read More


16

Jan 2019

Should I Go Through HITRUST Certification Even If It’s Not Required?

The HITRUST CSF is a set of security controls designed to help organizations that work with sensitive healthcare data to become more secure. Since HITRUST is gaining traction, many organization decision makers are asking the question, “Should my company go through HITRUST certification even though we’re not required to do so?”. This article explores what it means to be HITRUST certified and the benefits of...

Read More


07

Jan 2019

Introduction to the MITRE ATT&CK Framework

What is the MITRE ATT&CK Framework? MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework is a collection of information about advanced persistent threats (APTs) that commonly target enterprise networks. The goal of the framework is to collect all relevant and available information about these groups and organize it in a way that makes it accessible and usable for enterprise security teams. The framework was...

Read More


02

Jan 2019

What You Need to Know About HIPAA Risk Assessments

The Health Insurance Portability and Accountability Act (HIPAA) describes how organizations that store, process, maintain, or transmit Personal Health Information (PHI) must handle this sensitive information. HIPAA is comprised of the Privacy Rule, the Security Rule, and the Breach Notification Rule which collectively mandate how patient privacy should be ensured and how the sensitive health data should be protected. One component of HIPAA is the...

Read More


17

Dec 2018

Sword & Shield Announces HIPAA Compliance Case Study

Award winning national information security and compliance firm helps company gain confidence in bidding for new contracts KNOXVILLE, Tenn. December 17, 2018 – Sword & Shield Enterprise Security, a leading national cybersecurity and compliance firm headquartered in Knoxville, Tennessee, announced today the release of a new HIPAA compliance case study. The case study documents how CTS Software, the developer of TripMaster, enlisted Sword & Shield’s...

Read More


10

Dec 2018

Moving from Threat Intelligence Consumer to Producer

Most organizations are threat intelligence consumers, purchasing or collecting publicly available information about current cybersecurity threats. In this article, we discuss the value of becoming a threat intelligence producer and how an organization can do so with minimal in-house cybersecurity resources. What is Threat Intelligence? Threat intelligence is a term generally used to mean “any useful information for detecting and protecting against cyberattacks”.  Examples include...

Read More


04

Dec 2018

Using Application Whitelisting to Stop Malware

Phishing attacks are one of the most common methods attackers use to breach organizational defenses and gain access to the network. In many cases, the purpose of the phishing attack is to execute malicious software on the target computer. Developing and enforcing an application whitelist is one way organizations can dramatically decrease the threat these phishing attacks pose to their corporate cybersecurity. This article explains...

Read More



Page 2 of 1912345...10...Last »