New “Cybersecurity Safe Harbor” Legislation Passed in Ohio
What you need to know to take advantage of this new protection.
Vince Salvino Sept. 10, 2018
Ohio has enacted a new law called the Data Protection Act, which will go into effect on November 2, 2018. Under this new law, businesses which take reasonable cybersecurity precautions that meet certain industry standards will be afforded a “safe harbor” against claims alleging that a fail...
Getting Back to the Basics: Policy, Policy, and More Policy, topped with Mind Map Planning
Part 2 of 3 in a series on the CIS Critical Security Controls
Jeremy Mio Aug. 17, 2016
Policy, Policy, and some Policy... topped with mind map planning! Critical Controls – Part 2 So a while back I discussed the critical control basics, mentioning policy and planning as the necessary foundation before implementing any type of security methodology, specifically the Center of Intern...
Filed under Security
.NET 4.6.2 Security Enhancements
Latest release of .NET brings stronger encryption and FIPS support
Vince Salvino Aug. 16, 2016
.NET 4.6.2, released earlier this month, is loaded with great enhancements and updates. In particular, it seems that Microsoft was very focused on security. Being a "dot" release, it is compatible with 4.6 and with 4.0 on your IIS servers. Because of the great new security enhancement...
Getting Back to the Basics: A False Sense of Security
Part 1 of 3 in a series on the CIS Critical Security Controls
Jeremy Mio July 12, 2016
Everything always comes back to the basics. Yet fast forward to today: blinking boxes, digital cyber sandboxing action, and artificial behavioral intelligence immune cyber systems! Hopefully these fancy systems identify how many authorized or unauthorized devices are on our network… or inventory...
Filed under Security
Morgan Stanley Breach Puts Value on Client Trust
Client data siphoned over 3 years leads to $1 million fine.
Vince Salvino June 9, 2016
For 3 years between 2011 and 2014, something nasty was happening on Morgan Stanley's network, but the firm had no idea. Then from December 2014 through February the next year 730,000 customer accounts were leaked online. Was this a highly sophisticated attack? No. Was this the result of a forei...
Making Executives Aware of Cyber Risks
Do you have a process for documenting security items that do not get approved budget and resources?
Jeremy Mio Nov. 25, 2015
Does any IT Security department ever have enough budget, resources, etc.?The answer is usually no; we are all familiar with this.How can all of the under-staffed IT Departments, and more so under-budgeted Security departments, protect the critical assets and functionally of their business? Mo...