News
-
Smashing Security podcast #255: Revolting receipts, a Twitter fandango, and shopkeeper cyber tips
“Demonically” possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter’s new photo privacy policy practical? All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis. Read…
-
NSA Guidance: Zero Trust Applied to 5G Cloud Infrastructure: Parts 1 and 2
Part 1 of a 2-part series By: Kathleen M. Moriarty, CIS Chief Technology Officer and active participant in the Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework (ESF) Working Group The Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework (ESF) Working Group is an industry and government partnership which…
-
Hear from the Experts with these Cybersecurity Podcasts
The selection of podcasts – on everything from gaming to movies to sports – has exploded in recent years. Whatever topic you’re interested in, chances are there’s a show for you. So what if you’re looking to learn more about an important and complex subject like cybersecurity? Where should you start and whom can you…
-
Preventing the Most Common Cyber-Attacks with Cybersecurity Training
Many offices are operating with a hybrid of remote and in-person workspaces as the COVID-19 pandemic continues and evolves. Wherever your team is located, security continues to be everyone’s responsibility. A refresher course in cybersecurity is a great way to help employees get back in the swing, and re-establish security best practices they may have…
-
Why OAuth is so Important: An Interview with Justin Richer
This is the third article in this series by Kathleen Moriarty, CIS Chief Technology Officer. In this article, Moriarty interviews Justin Richer, an internet security expert with over two decades of experience, and author of “OAuth2 In Action,” as well as many OAuth (Open Authorization) extensions. Together they take a deep dive into authentication, authorization,…
-
Microsoft Azure Security Benchmark v3 is now mapped to CIS Critical Security Controls v8
We are pleased to announce the release of the Azure Security Benchmark (ASB) v3 with mappings to the CIS Critical Security Controls (CIS Controls) v8. The ASB includes high-impact security guidance to mitigate against high priority threats. While the ASB is specific to Azure, this mapping shows the applicability of CIS Controls v8 to an…
-
Authentication and Authorization Using Single Sign-On
By: Kathleen M. Moriarty, CIS Chief Technology Officer In order to prevent credential theft from phishing attacks, there is a push for multi-factor authentication (MFA). This is a very important step and should be considered if your organization has not yet made the transition. While MFA adds important protections, how you implement single sign-on, authorization,…
-
End of Life Update: CIS-CAT Pro Assessor v3
CIS-CAT Pro is a tool used to evaluate the cybersecurity posture of a system against the recommended policy settings outlined in the CIS Benchmarks. Following the release of CIS-CAT Pro Assessor v4, the Center for Internet Security (CIS) will cease support for CIS-CAT Pro Assessor v3. Its final release will occur in November 2021. What…
-
How to Meet the Shared Responsibility Model with CIS
In 2020, the shift to a global remote workforce demonstrated just how difficult securing a cloud environment can be. Now organizations face the challenge of securing hybrid environments. To address these challenges, many companies migrate to the cloud and leverage cloud service providers (CSPs) such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, and…
-
For Data Compliance, Automation is Key
In this edition of Cybersecurity Where You Are, CIS Senior VP and Chief Evangelist, Tony Sager welcomes Thordis Thorsteins, Senior Data Scientist at Panaseer. Panaseer provides a controls monitoring platform and has played a valuable role in the development of the CIS Critical Security Controls, as well as the implementation of the CIS Controls Assessment…