Sage Advice - Cybersecurity Blog

6 Quick Wins for Your Security Posture

The world of cybersecurity – and our threat landscape – is ever-changing. From new types of malware being introduced, to new phishing tactics, anything can happen as hackers work to refine their techniques and target their cyberattacks, hoping to get into your network unnoticed.

Read More

The 2020 Threat Outlook

Hackers are constantly developing new ways to infect systems globally. As threat detection services and security teams catch on to their tactics, they continue to build and deploy new malware to feed their personal wallets. We are seeing more malware than ever, and this cycle will only get worse. Let’s review the predicted threat environment for 2020.

Read More

Topics: Threat Intelligence, Cyber Defense, Cybersecurity Awareness

The Information Security Policy Lifecycle

Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the tasks of policy development, publication, adoption, and review. This process is collectively referred to as the policy lifecycle. The responsibilities associated with the policy lifecycle processes are distributed throughout an organization. Organizations that understand the lifecycle and take a structured approach will have a much better chance of success with their cybersecurity practices. Let’s breakdown the Information Security Policy (ISP) lifecycle into further detail.

Read More

Topics: Cybersecurity, Security Policy, Information Security

Information Security Risk Policies

Once you’ve chosen a format and have started planning your Information Security Policy (ISP) documents, you must understand and document risk – a factor that will influence how you make decisions within the organization and develop your policy to its fullest potential.

Read More

Topics: Cybersecurity, Risk Management, Cybersecurity Awareness

How to Start Developing Your ISP

The role of policy is to codify guiding principles, shape and require behavior, provide guidance to those who are tasked with making present and future decisions, and serve as an implementation roadmap. An information security policy (ISP) is a directive that:

Read More

Topics: Cybersecurity Tips, Regulations, Information Security

3 'Must Have' Cybersecurity Documents

We see news of devastating cyberattacks every day in private and public organizations of all sizes. From phishing attempts, to business email compromises, to full-blown ransomware attacks, any device that’s connected to the internet is at risk for an attack.

Read More

Topics: Security Policy, Incident Response, Information Security

The Longer Arms of Privacy Laws

Privacy is difficult to define, much less protect. In the business realm, data privacy is still regularly confused with data security and the titles of those charged with safeguarding it for customers vary widely. Meanwhile, many organizations continue to collect as much personal data as they can, just because they can.

Read More

Topics: CyberCrime Symposium, Privacy, Cloud Security

Call and Response: IR in the Cloud

In the rush to the cloud, infosec professionals struggle to translate their existing security capabilities, controls, and processes to the new environment.  One of the last processes they adapt? Incident response, said Dave Shackleford, as he kicked-off his 2019 CyberCrime Symposium presentation. A primary reason, he said, is they can’t get the same real-time visibility into events that they could in their traditional environments.

Read More

Topics: CyberCrime Symposium, Cloud Security

Cyber-Risk, Meet Cyber-Resilience

Some five years back, Don Anderson, CIO at the Federal Reserve Bank of Boston, sat down for the first time with the organization’s chief risk officer. As the IT head of one of the Fed’s 12 regional banks, he was there to provide input on risk, as part of an initiative to create an enterprise risk management framework.

Read More

Topics: CyberCrime Symposium, Risk Management, Cloud Security

Info-Security Champs: Your Guide to the Cloud

For the first time in its 10-year history, the CyberCrime Symposium featured breakout sessions, a nod to past-audience requests for content tailored to different functional roles. The sessions, offered on both days of the event, comprised two separate tracks — one technical, the other on risk and compliance.

Read More

Topics: CyberCrime Symposium, Cloud Security