Security Misconfiguration
Last week we touched on the basics of the Open Web Application Security Project® (OWASP) and why it should be used as a source of information for keeping your web applications secure. This week we are going to touch on one particular vulnerability from the OWASP Top 10 Web Application Security Risks - Security Misconfiguration.
I sat in the parking lot watching employees walk in the corporate office. Ready with my five dozen donuts, I waited until the perfect moment to see if I could infiltrate. It’s like the start of a great superhero movie - except starring Kevin James and not Christian Bale.
I had been hired by the company for a physical social engineering assessment. Only a few people (stakeholders and managers) within the company knew that this was occurring that day. The goal was to see if I could gain entry into the building unnoticed and once in, what I could access.
There are many frameworks and security models to refer to when working to secure your organization. Sometimes it can prove to be overwhelming. Today I’m going to talk about three action items that will make a significant difference in your overall security posture. Keeping in mind that there is no silver bullet to securing an organization, these three will certainly gain a great return.
People carry less cash in their wallets than they used to. Even when going to the ice cream stand in the middle of summer, a debit or credit card is swiped instead of cash being tendered. The reason for this is simple - it’s easier to swipe a card than it is to carry a load of cash in your wallet. This has become an extremely convenient option over the years when making purchases. However, as is often the case, convenience comes with risk.
Let’s face it. Security is expensive. Many organizations think of security as an unwanted expense when budgeting for the next fiscal year. However, no matter what industry an organization is in, security IS its business too.
Let’s face it. If you haven’t had a security incident within your organization, you will. Are you prepared? An IRP is a plan or playbook that needs to be established and practiced on a normal basis. When a breach happens, this is your playbook of who, how, and what steps to take to protect your organization and minimize impact. Let’s break down the steps of an Incident Response Plan (IRP).
This month’s release of the much-anticipated CMMC 2.0 left many of us in the world of cybersecurity shaking our heads. We have been working diligently with the defense industrial base for several years now, even before the CMMC was created, to stop the bleeding of our defense secrets to our adversaries. As a veteran and a Patriot, I, along with many other Americans, take this very serious problem personally.
Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.
There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want - building profitability and generating capital needed to make other improvements.
In this blog, we’ll examine some of the implementations that can deliver a good return on investment to a small business.