I've always enjoyed what CIS has to offer. I have previously written about the Top 20 Controls, as well as the MS-ISAC program. Good stuff. Now, it's time for a CIS Controls update! Some of my favorite changes include consolidation and reorganization of controls,...
Category
Governance, Risk, Compliance
Getting Started with Information Security Policies
Information Security Policies are a big part of a comprehensive cybersecurity program. This blog has its share of security policy content, as I was heavily involved with this four years ago. But this topic is important to review, especially if you are just now getting...
Top 20 CIS Controls for Cybersecurity Best Practices
If you spend any amount of time with technology or security, from the enthusiast level to the enterprise level, you will come across benchmarks and best practices. Not only is it good to know things are working as intended, it's also a good idea to compare your...
Intro to NIST Cybersecurity Framework (CSF)
You might be hearing the buzz of the NIST Cybersecurity Framework (CSF). What started as a popular framework to help track and secure critical infrastructure in 2014 is now becoming widely adopted by all types of organizations. Plenty of predictive statistics suggest...
No More Complex Passwords – Reviewing NIST SP 800-63-3
The United States National Institute of Standards and Technology (NIST) 800-63(b) publication was updated to reveal a very important change. One of the more fascinating examples is not relying on complex passwords. This has been an interesting read. I highly...
Tech Toys Can’t Solve All Security Problems
Security isn't just a tech issue. If you go in thinking your gear is your security program, you're leaving yourself open to hurt. Tech toys can't solve all security problems. Many obvious problems can be mitigated with simple configurations and preventative...
HIPAA Data Cloud Requirements
We started the HIPAA discussion with a brief intro back in late 2015. Late the following month, we continued the discussion with a deeper dive into HIPAA. Now, let's test the bounds of the "P" in HIPAA by looking at HIPAA data cloud requirements! Mission Keep ePCR,...
A Deep Dive Into HIPAA
HIPAA, the Health Insurance Portability and Accountability Act, defines patient rights and standards for protecting health information. We briefly explored this topic in the post Exploring Regulated Information: HIPAA Data in December. Now, let's go into a HIPAA deep...
Cybersecurity Insurance Basics
The Department of Homeland Security (DHS) defines cybersecurity insurance [1] as guaranteed coverage for various cyber incidents. This topic can go pretty deep but this post will briefly cover cybersecurity insurance basics. The types of cyber incidents this specialty...
Your Trolling Definition is Wrong
It's always good to keep your door open to constructive criticism when creating documents or anything else. Sometimes, you get amazing feedback, and sometimes, you just get noise. I'm sure you've experienced both ends of the feedback spectrum. I would like to share an...
Read More Posts
You can expect content designed to help you understand cybersecurity concepts, careers, implementation, frameworks, and more.
All cybersecurity levels are welcome.