The context of the writing comes from my Systems Security & Auditing course. With innovation or process improvements comes risk, and if there is a risk, threat actors will exploit it. In today’s threat landscape, being vigilant isn’t an option but rather a must. If you are an executive, ask yourself if a data breach occurs, are you prepared to tell our customers and lawmakers you’ve done everything possible to protect the company’s data and assets and been compliant with regulatory laws? If the answer is, I’m not sure, or I don’t have the answer. Then you should consult with...
Continue reading...Course Writings
Cyber Threat Landscape (Pre-Attack) Reducing Social Media Footprint (part 1)
The context of this writing: I took a course on Designing and Building a Cybersecurity Program and have written many papers during the course. Below is a revised/shorten snippet from one of my essay papers. According to the New York Times, hackers are having a field day targeting employees on their social media platforms. This type of targeting isn’t anything new; however, it has been increasing and is attracting new hackers. For most employees, their activities outside of work, like social media platforms, are a personal endeavor they use to connect with friends and family members. Some don’t see how...
Continue reading...Cyber Threat Landscape (Pre-Attack) Reducing Social Media Footprint (part 2)
The context of this writing: I took a course on Designing and Building a Cybersecurity Program and have written many papers during the course. Below is a revised/shorten snippet from one of my essay papers. In 2020 our country was going through a crisis that has brought many states within our country to a standstill, and our healthcare organization’s services were being maxed out. During that time, our society’s immoral actors used chaos to launch cyberattacks campaigns on many healthcare organizations. These cyber-attacks started with reconnaissance work and information gathering. Many healthcare institutions were getting hammered with attacks reported by...
Continue reading...What if you are compromised by a Zero Day?
First, to mitigate zero-days, you must have systems and people in place that can quickly locate zero-day exploits and patch them as soon as found. However, zero-day exploits are the most challenging digital attack to prevent and fix; once they’re discovered, it takes highly skilled IT professionals to promptly understand the problem and its impacts on the organizational infrastructure. Once the discovery has been made, you’ll need to mobilize a team to get it done promptly. Mobilizing a team should have an Incident Response Plan. An incident response plan is a set of instructions to help IT staff detect, respond to, and...
Continue reading...Application Layered Security
In an IT organization, you have Layered Security which is layers of controls within your system. Think of it as an onion with multiple layers. At each layer, the controls prevent attackers from getting to the core. Building an application, you will also need these same types of layers of control. As a Web Application developer, I build layers of controls into applications, for example; the development application layers for security I would include are: The end-user layer: Write front-end code JS to sanitize strings and data, and validation where needed Adding Authentication using Multi Factor-Auth (MFA) Back-end controller authenitcaiton...
Continue reading...Platform Wars on Security
The argument between which platform is more secure is an ambiguous interpretation, and always someone’s selective measurement. No platform is more or less safe than its competitors, and it simply comes down to individual security hygiene and their level of security knowledge. If you’re one of those people who sees an 80% coupon in your email box and then click on the link(s), chances are you’re getting malware installed on your machine, in essence, an infected machine. This has nothing to do with Mac or Windows; it was simply someone being naive not to review the source URL and know...
Continue reading...What a New IT Executive Should know about SOX
The Sarbanes-Oxley Act (SOX) is a federal act passed in 2002 with bipartisan congressional support to improve auditing and public disclosure in response to several accounting scandals in the early-2000s. Within section 404 of SOX, there are key features that require the CEO and CFO to prove their internal controls’ effectiveness and have external accounting/auditing firms audit and attest. What do you have to know?External auditors and the organization have to develop a set of critical requirements. These requirements will allow the auditor to “work with others” by parallel auditioning financial statements and IT controls over financial reporting. The requirements...
Continue reading...