Companies suffer from cyber attacks every day, testing their defenses and their preparation. How to respond to a cyber attack is a key step in reducing damage or fallout from these attacks. A poor response can result in harming your reputation, loss of life or injures in the event of an OT attack, loss of […]

Supply chain security is a cybersecurity challenge with multiple touch points between vendors and partners, contractors and others. It’s important that you are doing what you can to enforce proper supply chain security best practices. Being able to support vendors while protecting your data and processes is critical to your business. We’ve previously discussed the […]

Passwords are an important part of your security and also one of the easiest ways that hackers gain entry into your network. User credentials are constantly under attack. That’s why we’re talking about common password security mistakes and what you should do to avoid them. We’ve discussed password security best practices before. We also talked […]

As you look to implement a Zero Trust architecture, it’s critical to move away from the inherent trust permitted in the traditional Castle and Moat architecture. Our network security maturity model will help clarify the different levels of implementations on your path to achieving more sophisticated network defense. While working on your implementation, we also […]

The new CIP-005-7 version has added a new requirement (R3), are you aware of this change? This new standard is coming into effect on October 1 and the controls to achieve the requirement must be in place prior to the effective date. Has your organization found a solution to meet the new requirements? For those […]

Organizations struggle with password security and getting to the bottom of password management best practices can be tough. There are many systems in a modern organization needing password protection. Each also offers varying levels of password complexity. Organizations can suffer serious fallout from a breach when an account’s password is compromised, therefore the need for […]

The TSA released an updated version of its cybersecurity requirements for pipeline owners and operators. The revised TSA pipeline security directive aims to further enhance security and resilience after releasing their first security directive last year in July. The original TSA pipeline security directive followed in the wake of the Colonial Pipeline attack, which we […]

Segmenting your network adds layers and security zones to it, dividing it into multiple segments acting as their own network. This is a key piece in the Zero Trust architecture, as we covered in our Zero Trust series here. For those looking to introduce a sophisticated network defense and enable Zero Trust, these network segmentation […]

Least-privileged, role-based access is a critical part in achieving Zero Trust security. Our role based access control best practices highlight what you should do both when implementing it and while you are enforcing it. If you are still at the beginning of your journey for implementing role-based access control, you will also find our Secure […]

Your device baselines are a critical part in your cybersecurity. While many baseline configuration management implementations are done to appease regulatory and compliance requirements, the true benefit is to your security. Our baseline configuration management maturity model reviews the maturity levels (0-3) of a BCM implementation. As you achieve higher levels of BCM maturity, you […]