NIST Cybersecurity Resources During the Shutdown
9th January 2019
They did what? During the government shutdown, which has now gone on for over two weeks, the clever folks at the National Institute of Standards and Technology (NIST) took down many of the resources that the cybersecurity community relies on to help protect society. The NIST Cybersecurity department has indispensable frameworks and other tools that…
-- READ MORE
Top Fractional CISO blogs of 2018
26th December 2018
It’s that time of year… the top lists of 2018. Here at Fractional CISO we are not immune to the phenomenon. So, we’ll shamelessly follow suit with our top blogs of 2018. #6 Actual breaking news… Typeform Data Breach: 100,000 Records and Counting We are usually a commentary site. But sometimes we get a scoop….
-- READ MORE
Cryptocurrency: Not Ready for Prime Time
19th December 2018
Some say to never kick a cryptocurrency when its down. But I will. The recent Bitcoin crash has brought the question to light of the long-term viability of cryptocurrencies. Will they come back, or won’t they? I don’t know. What I do know is that cryptocurrencies have some serious structural challenges. These challenges will hamper…
-- READ MORE
SOC 2 Audit: How to Comply with the Tough New Changes
11th December 2018
SOC 2 Audit: How to Comply with the Tough New Changes Companies that want SOC 2 audit certification are scrambling to get in front of new requirements from the American Institute of Certified Public Accountants (AICPA). The AICPA has released additional information on what’s needed for a SOC 2 audit. SOC 2 audits finished after…
-- READ MORE
18 months in: What I’ve learned starting a cybersecurity company
28th November 2018
After twentyish years working for someone else, I quit my corporate job and started a cybersecurity consulting company. While it seemed risky at the time, now I can’t imagine doing anything else. When I first quit, I got questions like, “You have clients lined up, right?” and “What are you really doing?” The answers, “no”…
-- READ MORE
Does your organization need a Password Manager?
6th November 2018
Yes, your organization needs a Password Manager! Now that we’ve answered one of the most frequently asked questions, let’s spend the rest of this blog post explaining why. How else would a person keep track of the 191 passwords an average employee needs to manage? Here are some of the possible solutions for managing the…
-- READ MORE
Understanding IoT Identity
9th October 2018
What is a surefire way to mess up the security of your IoT implementation? Use the same secret for all of your devices? Allow former employees to access the devices in the system? How about leave default passwords on devices? It turns out that there are a lot of surefire ways to mess things up….
-- READ MORE
Four steps to securing your IoT Identity from ex-employees
6th September 2018
When you see one of those cybersecurity stories about how an ex-employee “hacked” a company with terrible consequences, do you think that could never be us? Or do you think, I’m glad we don’t have anyone like that around! Many companies are exposed to the former insider risk, they fortunately haven’t been tested by a…
-- READ MORE
Is your website about to go dark?
1st August 2018
Encryption hasn’t always been a standard on the Internet – in earlier days, most webmasters simply used HTTP, instead of the HTTPS format. HTTP means no encryption for the website. So all the private information- names, addresses, passwords, that are collected can be “heard” by any one “listening in”. These days, many companies are moving…
-- READ MORE
Typeform Data Breach: 100,000 Records and Counting
12th July 2018
The list of customers affected by the Typeform data breach has grown in the past week. So has the number of personal records exposed. This article aims to collect all of this data in one location. What is Typeform? Typeform conducts customer surveys and quizzes for other companies using their service. The web-based platform allows…
-- READ MORE
