A few weeks ago, we published the Business Email Compromise (BEC) Checklist. The question arose – what if you’re new to security, or your security program isn’t very mature?
Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.
Bitcoin “Proof of Work”: 51% of Accountants Agree!
Source: Fox Photos/Getty Images
Those are the “accountants”, all working independently to validate bitcoin transactions.
I’ve read the original white-paper that is often cited as the foundation of the cryptocurrency, and particularly the “bitcoin“, phenomenon.
See: https://bitcoin.org/en/bitcoin-paper
The author is the mysterious “Satoshi Nakomoto“, who may be Japanese, or may be a collection of people, or may be (my take) some blockchain instance from the future that has developed self-awareness and has traveled back through time, using the identity of Satoshi to create itself.
Recently, we posted the Business Email Compromise (BEC) checklist. We’ve gotten a lot of great feedback on the checklist…as well as a few questions. What if you’re new to security? What if your organization’s security program is newer, and still maturing? How can you leverage this list?
Since the checklist is based on the NIST model, there’s a lot of information here to help your security program mature, as well as to help you mature as a security practitioner. MSI’s engineers have discussed a few ways to leverage the checklist as a growth mechanism.
Some security controls can’t reach maximum effectiveness unless other, related controls are also in place. This is the case with system security maintenance and configuration control. If you don’t tie these controls to well maintained and updated inventories of all network assets you are bound to see vulnerabilities cropping up on your systems.
Hi, all –
Time for a bedtime story? A little light reading? Something to listen to on the treadmill?
Come listen to our CEO, Brent Huston, riff on blockchain, trust models, and ancillary bits.
The audio is HERE. And the accompanying slides are HERE.
Until next time, stay safe out there…take care of earth, it’s the only planet with chocolate!
If you would like to know more about MicroSolved or its services please send an e-mail to info@microsolved.com or visit microsolved.com.
Positive Train Control: Skating away on the thin ice of a new day?
From the movie “The Polar Express“
That line: “Skating away on the thin ice of a new day” is from a Jethro Tull song by the same name. (Yes – I am that old 😉 ).
It came to me as I was reflecting on the reading I’ve been doing on the topic of “Positive Train Control“ (PTC).
PTC is an idea rather than any specific technology or architecture. Continue reading
Promise me you’ll return to this blog piece, but go ahead and open a new tab and search for “stolen laptop.” Filter the search results for a specific year. Or refine the search within an industry, eg. healthcare or financial. Too many results. Too many incidents. The U.S. Department of Health and Human Services, Office for Civil Rights, has a breach portal – https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf – only incidents involving more than 500 PHI records are in the database. Search for theft of laptop.
MSI has recently received requests from a variety of sources for guidance around the configuration and management of business e-mail, in particular the preponderance of business email compromise (BEC). Phishing attacks increased almost 500% in the previous year, as reported by Proofpoint.
In this episode of the MSI podcast, we discuss recent issues involving AWS misconfigurations that led to incidents, common problems, the importance of proper configurations to avoid these issues and how we can help you identify them in your environment.
If you would like to know more about MicroSolved or its services please send an e-mail to info@microsolved.com or visit microsolved.com.
What isn’t an Internet of Things device these days?! Companies are literally flooding the consumer market with smart chip-equipped devices you can control with your iPhone or Android (which themselves are equipped with smart chips – sigh!). Smart bike locks, smart egg trays, smart water bottles, smart dental floss dispensers, smart baby-changing pads!! These are all real devices.