Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Center for Internet Security (CIS) publishes Critical Security Controls that help organization improve cybersecurity. CIS Control 9 covers protections for email and web browsers.

Modern organizations depend upon a dizzying array of software: operating systems, word processing applications, HR and financial tools, backup and recovery solutions, database systems, and much, much more. These software assets are often vital for critical business operations — but they also pose important security risks.

CIS Control 14 concerns implementing and operating a program that improves the cybersecurity awareness and skills of employees. (Prior to CIS Critical Security Controls Version 8, this area was covered by CIS Control 17.) This control is important because a lack of security awareness among people inside your network can quickly lead to devastating data breaches, downtime, identity theft and other security issues.

The newly revised and renumbered Center for Internet Security (CIS) Control 11 highlights the need for backups, ensuring smooth and timely recovery of data in case of security breach or misconfiguration. In the current CIS Critical Security Controls (CSC) version 8 of CIS benchmarks, the data recovery control has been pushed ahead to 11. It was previously CIS Control 10 in version 7. CIS Control 11 is a vital player among the 18 cis controls CIS has formulated.

File integrity monitoring is essential for information security because it helps quickly identify unauthorized changes to critical files that could lead to data loss and business disruptions. File changes may be your first or only indication that you’ve been hacked in a cyberattack or compromised through errors by staff or system update processes.

File integrity monitoring (FIM) is essential for securing data and meeting compliance regulations. In particular, the Payment Card Industry Data Security Standard (PCI DSS) requires organizations to use FIM to help secure their business systems against card data theft by detecting changes to critical system files. This article explains these PCI DSS requirements and how to achieve compliance using FIM.

Being a sysadmin is definitely not for the average human being. You have to always be ready to help people, fight hackers, use tech gadgets … actually, a sysadmin’s typical day sounds a lot like the life of a superhero! But even superheroes have a dark side. We asked our sysadmin community to share some naughty things they’ve ever done — or keep doing. Naturally, their responses will remain anonymous due to the delicacy of the topic!

Microsoft released a valuable new Azure feature in December of 2021: custom security attributes. This feature is still in preview. Custom security attributes enable organizations to define new attributes to meet their needs. These attributes can be used to store information or, more notably, implement access controls with Azure attribute-based access control (ABAC). Azure ABAC, which is also in preview, enables an organization to define access rules based on the value of an object’s attribute.