Bridging The AutoLiance Gap

Bridging The AutoLiance Gap for PCI, SOX, SOC2, NIST, NERC Compliance

Automation is now the core mantra for every business. Extracting the maximum utility from every software and service investment you have made is the natural way of things, and with orchestration frameworks, Python, shell scripts and monitoring tools nearly every company can now push efficiency as far as it will go. There is a downside, though. In the race to automate anything and everything under the sun, compliance teams are often left holding [...]

Comply with NIST 800-171 easily by employing PAM

NIST (the National Institute of Standards and Technology) is the US agency that publishes standards and guidelines for cyber-security and technology. In 2015 it released Special Publication 800-171, which deals with how to handle Controlled Unclassified Information (CUI): unclassified information that resides in non-federal systems, such as those of vendors who sell to the federal government. In this article we will discuss how Privileged Access Management (PAM) can help satisfy the requirements of NIST 800-171. It is important [...]

The Biggest Privileged Account Management (PAM) Challenges that Organizations Face

Privileged account management is a key part of an organization's overall security. These accounts have access to sensitive data and systems, which makes them high-value targets that insider threats or outside attackers can abuse. Managing them involves many challenges, simply because far more is at stake than with regular user accounts. There is a delicate balance between security and ease of access, with organizations needing to implement adequate infrastructure and a [...]

Four Best and Efficient Practices for Managing Privileged Accounts

Large organizations have traditionally managed their privileged accounts (administrator accounts) and their many embedded accounts through a single system that grants each account a different level of access (editing, updating, reading and so on), with the underlying systems provisioned by the IT infrastructure. A number of practices are available to CTOs, CIOs, CISOs and others to defend organizations from cyber-attacks. While this article cannot be exhaustive on the subject (entire books would be required), in the following paragraphs, in no particular order, will be [...]

Making FFIEC cybersecurity compliance simpler for Banks

FFIEC stands for the Federal Financial Institutions Examination Council. The FFIEC was established on March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. In 1989, title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) established the Appraisal Subcommittee (ASC) within the Examination Council. Quoting from [1]: The FFIEC [...]

Implement Principle of Least Privilege for HIPAA

Hello again! HIPAA, one of the most commonly mentioned compliance regimes (alongside many others such as PCI, SOC 1, SOC 2, FISMA and FedRAMP), is based on a set of core principles that aim to protect the data your company transacts internally and externally. These core principles tie into an easy-to-understand construct: the principle of least privilege (POLP). Even though it makes good sense and it's easy to say "Duh! Of course", we [...]

Easily Complying with CIS/CSC 20 controls

Welcome to a brave new world in which governments have started to recognize the significant work being done by security groups to shore up our defenses against malware, data compromise and account misuse. A prime example is the California Attorney General's statement, which makes clear to businesses that it is not going to be business as usual anymore. In this article we will explain what the CIS 20 controls are and cover the highlights of the Attorney [...]