Security Governance: The Eleven Most Important Functions of the Security Council
Cyber security is often considered the responsibility of the IT department. Nothing could be further from the truth. Although the IT team has certain responsibilities in deploying and maintaining security systems, the ultimate responsibility for maintaining a strong security culture lies with Senior Management.
Senior Management must first take on the responsibility of Security Governance. This means managing security as a process, not unlike many other functions within the company. As such, the implementation and management of the process falls to others within the organization under the leadership of senior management.
In order to accomplish proper security governance, organizations should form a Security Council consisting of departmental leaders from all aspects of the organization and led by senior management…
The SASE Architecture was Built for the Post COVID World
I've said it before only to be proven wrong…but I believe the end of the pandemic phase of COVID-19 is near. We seem to be entering the endemic phase where we learn to live with COVID-19 long term. The same is true for some of the changes that COVID has foisted upon us, specifically that of the hybrid remote worker. Gone are the days of the Monday through Friday office commute for many in the aftertimes. According to a recent Info-Tech Research poll, 79% of companies surveyed said they would maintain a mix of in-office and home office workers long term. For many employees this is a long-overdue and welcome shift.
However, organizations have been struggling to adapt their security systems to this new work model. The security footprint of the organization has grown exponentially to include the residences of many of their employees. The traditional method of granting access to the corporate network involved providing the employee a VPN connection. This provided the "tunnel" by which remote workers could access internal resources such as databases, file shares, and other applications. Security was provided at the edge of the corporate network. In recent years many organizations implemented a "Next Generation" Firewall at the corporate edge as well. The NG Firewall converged many technologies such as Web-filtering, anti-malware, Data Loss Prevention (DLP), and SD-WAN into a single device. As the gatekeeper before most internal resources and end users this was an appropriate approach.
However, as more and more internal resources move to the cloud and remote work increases dramatically, enforcing security at the corporate edge begins to make less sense…
Why CIS is the Best Security Framework for MSPs
A couple of months ago I wrote about the importance of adopting a security framework to give structure and process to securing your practice. I went over several common frameworks and debated the pros and cons of each. In this article I am going to delve into the reasons why the Center for Internet Security (CIS) Framework is the best for MSPs.
When we compared the NIST and ISO Frameworks to CIS, we discovered that NIST and ISO were somewhat loose and vague with regard to what controls needed to be implemented in order to be compliant. Both standards leave a lot of leeway for alternative approaches to meeting the standard of the control. While this flexibility may be desirable in some situations, it can be confusing and lead to lapses in security…