Join risk3sixty on Thursday, May 9th from 11:15am to 1pm, where we will be co-hosting a NW Atlanta AWS Meetup with Afonza. AWS principle solution architect, Craig Lawson will be speaking about IoT within AWS.
Phishing is when a malicious individual, using email, impersonates a sender that an internal user would have familiarity with, sometimes targeted towards highly specific personnel (Spear Phishing), to execute their intent. Attackers can do this by spoofing their email address to make it appear as though it is coming from a trusted source. Low level[…]
Cloud Companies Can Conquer GDPR with ISO 27018 Certification. Almost a year into a post-GDPR world, the question for many cloud service providers is still, “How do I evidence GDPR compliance?” With no meaningful certification in sight, the time is now for cloud service providers to be proactive in showing how they protect customer data in accordance with GDPR.
Are Pen Test and Vulnerability Scans Required for a SOC 2 Report? There has been much confusion lately in the SOC 2 market as companies seek to understand the need-to-haves vs. the nice-to-haves when it comes to obtaining a SOC 2 report. Much of this confusion was brought about by the December 2018 upgrade of the Trust Services Criteria, and associated Point of Focus, intended to align SOC 2 with the 2013 COSO framework.
Every year the risk3sixty team of “Strange Renegades” run a 100 mile relay race in North Georgia hosted by the General 100. Why? Because there’s no better way to act our our core value: GRIT If you have a team interested in meeting-up shoot us a note. Date: October 19, 2019 Register: www.general100.com
Many modern forms of malware are now file-less and rely on Command & Control (C2) infrastructure to assist outsiders with gaining unauthorized access to networks. This malware “phones home” to remote attackers, who then leverage the internal foothold to infiltrate networks and execute attacks. These attacks can be difficult to detect when security monitoring is[…]
One of the biggest threats facing enterprises are outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls. Shutting down unused ports is the traditional mitigation. Still[…]
In March, 2019, risk3sixty will be hosting SANS MGT414 training program for CISSP Certification.
This course is an accelerated review course that is specifically designed to prepare students to successfully pass the CISSP® exam.
Developing a cyber security baseline can be daunting. Oftentimes the burden falls on the Chief Information Officer or Chief Technology Officer. Before implementing any tool or assessments, management should establish a security baseline.
Business boils down to one thing: People People are the most challenging (and rewarding) part of a successful business. And I mean the full lifecycle of employee experience. You have to do a great job recruiting, making hiring decisions, then training people better than anyone else, creating a culture where people want to stay,[…]