The Information Security industry has created a large and confusing variety of Information Security Standards (Cyber Security Standards), frameworks and maturity models.
By the end of this blog you should understand what each of the major standards covers, how it came into existence and whether it is relevant to your business.
Somewhere between updating your Disaster Recovery plan and setting up multi-factor authentication, you probably recall that it’s time you conducted a penetration test for your network. If you have the skills and the time internally to do this, I recommend that you make sure that your pen test covers the following 5 key steps. These steps work regardless of whether you are completing a small-scale web application pen test or a full network pen test for a global organisation.
Footprinting / Reconnaissance
Footprinting or Reconnaissance is the initial intelligence gathering performed on a target organisation. This involves identifying firewalls and routers and building a map of the network. During this step, the security tester gathers important company information. This could include org charts, company policies, physical addresses, current events and details of key personnel, such as email addresses, CVs and phone numbers. Once the security tester gathers this information, they can then identify key targets, potential vulnerabilities and attack vectors.
Scanning
Scanning adds a lot of information to your network map. It is about uncovering more detailed host information. It might consist of Operating System information and versions, hosted applications, open ports and network ranges. This information expands your network diagram…
Securing the cloud - Satalyst is excited to announce our new Security and Automation Practice. "Through 2025, 99% of cloud security failures will be the customer’s fault." [1]
Whether you use a Public, Private or Hybrid cloud solution, any cloud offering is only as secure as how you have configured it. In nearly all cases, security breaches happen due to misconfiguration, inappropriate access controls or mismanagement by third-party providers.