States Are Offering Carrots As Well As Sticks
For the past several years states have been passing privacy laws that impose stiff penalties on organizations that mishandle the personal information of their residents. However, a growing number of states have passed legislation that can provide legal “safe harbor” to those organizations that implement and maintain security measures based on a recognized cybersecurity framework.
Security Governance: The Eleven Most Important Functions of the Security Council
Cyber security is often considered the responsibility if the IT department. Nothing could be further from the truth. Although the IT team has certain responsibilities in deploying and maintaining security systems, the ultimate responsibility for maintaining a strong security culture lies with Senior Management.
Senior Management must first take on the responsibility of Security Governance. This means managing security as a process, not unlike many other functions within the company. As such, the implementation and management of the process falls to others within the organization under the leadership of senior management.
In order accomplish proper security governance, organizations should form a Security Council consisting of departmental leaders from all aspects of the organization and led by senior management…
Why CIS is the Best Security Framework for MSPs
A couple of months ago I wrote about the importance of adopting a security framework to give structure and process to securing your practice. I went over several common frameworks and debated the pros and cons of each. In this article I am going to delve into the reasons why the Center for Internet Security (CIS) Frame work is the best for MSPs.
When we compared the NIST and ISO Frameworks to CIS, we discovered that NIST and ISO were somewhat loose and vague in regards to what controls needed to be implemented in order to be compliant. Both standards leave a lot of leeway for alternative approaches to meeting the standard of the control. While this flexibility may be desirable in some situations, it can be confusing and lead to lapses in security…