23 NYCRR 500

Training Wheels are Off – NYS DFS Transitional Period Finished

The two-year transitional period implemented by the New York State Department of Financial Services (NYS DFS) regarding their Cybersecurity framework, 23 NYCRR 500, finished this past March 1, 2019. This doesn’t mean the work ends here, but essentially it’s just getting started. The state of New York allowed institutions, or covered entities, a 24 month break in period before having to adhere to all phases per year. The training wheels are off and all phases will have to be obtained yearly moving forward.

cloud education

Cloud Services for K-12 School Districts

Natural disasters such as hurricane’s, earthquakes, and fire can put a school district’s data out of reach. These are obvious reasons to have a solid disaster recovery strategy in place. In the aftermath of Superstorm Sandy that hit the East Coast (NJ, NYC, and Long Island), there were several school districts that were unable to gain access to their systems for days or weeks after the storm had passed. This made it impossible to generate transcripts, pay bills, and in some cases, process payroll.

law firms

Legally Dangerous Attackers

Malicious actors are consistently and persistently looking for new avenues to compromise sensitive data and they’ve found one such entry through legal firms.

Legal firms play a unique role within the economy by being at the center of personal and business-related transactions. Legal firms are involved with large enterprises, governments, small businesses and individual cases. The data maintained by legal firms is both sensitive and valuable and attackers have taken notice. Legal firms are under a barrage of attacks due to the data and relationships they maintain. Many of these firms are focusing on user endpoints when it comes to reducing their risk.

social media

7 Ways Social Media Sabotages Your Cybersecurity

Social media can do wonders for you as an individual, as well as if you are running your own online business. It can help you build a loyal following, spread word and awareness about your brand, and reach out to other like-minded people, as well as customers. And the best about it is that it’s incredibly easy to do, since everyone you are looking for is already there. It is estimated that there will about 2.77 billion users on social media in 2019!

However, because the power of social media is so easy to utilize, most people let their guard down when it comes to cybersecurity, which can come back to haunt them at some point in the future, in a number of different ways. In order to avoid that, let’s take a look at seven ways in which social media sites sabotage your cybersecurity.

Vulnerability Management

Podcast: CISO Speak – Vulnerability Management in the Cloud

This months podcast features Matthew Pascucci, cybersecurity practice manager at CCSI, speaking with guest CISO Patricia Smith from Cox Automotive, on vulnerability management in the Cloud. Does vulnerability management change depending on deployment model? How to you measure cloud vulnerability metrics? Patricia Smith and Matthew Pascucci touch upon these and more in this podcast episode.

public sector tech security

Public Sector Tech Security: Take Care Before a Catastrophe Occurs

In today’s world, digital security is more important than ever. Long gone are the days where you only needed to worry about physical security for offices. Now, banks, law offices, government facilities, and private companies all depend on their technology being protected from a range of threats. It’s essential for a seamless continuity of daily life to identify and quickly respond to these threats as they occur.

cybersecurity career

So You want to Work in Cybersecurity, eh?!

There is a massive need for cybersecurity professionals today and the need is only growing. We’ve seen estimates of anywhere between 2-3 million vacant jobs over the next three years. The demand is definitely bullish and showing no signs of stopping. With this being said, breaking into an industry is always a difficult thing to do and nothing should be assumed, even with the massive demand of unfilled positions. Here are a few areas I’d suggest if you’re looking to not only get into security, but become successful.

MTTD and MTTR

What You Should Know About Driving Down MTTD and MTTR

Effectively connect people, process and technology to minimize MTTD and MTTR

There’s a reason it’s said that what gets measured gets managed. In order to successfully achieve a goal, you have to be able to measure progress. It’s the only way to know if you’re heading in the right direction.

That’s why any security operations team worth their salt will be paying close attention to both their mean time to detect (MTTD) and mean time to respond (MTTR) metrics when it comes to resolving incidents.

The average dwell time for attackers still sits somewhere within the ranges of 100 – 140 days and frankly, we can do better. Security operations teams need to be fanatical when it comes to lowering these metrics within their organizations.

Significantly reducing dwell time, MTTD and MTTR starts with an understanding of attacks. From there, you need multiple groups working together in harmony enabled by technology to automate and orchestrate incident response processes.