Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and...

When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors. Deep down, we all know that audits...

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA , PCI DSS , SOX , and GDPR . Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO, and other advisory bodies. When it...

What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In addition to managing changes to their...