One of the benefits of working at a large organization is the opportunity to work with a considerable number of very bright and talented individuals. Recently I went through a role transition from traditionally supporting web based content management systems to supporting large interconnected systems. I was fortunate to connect with a colleague during that transition time who was well …
Social Commerce in a nutshell – the next generation of marketing!
In today’s modern world, traditional forms of marketing and commerce are being replaced and overtaken by their digital counterparts. The internet has revolutionised the way that we do business and it has presented us with a plethora of new avenues for sales and revenue. One relatively new type of process we are seeing a surge in is social commerce. This …
Infrastructure Options for Hosting Multiple Drupal Sites
A project I was recently working on had in place a cloud-based infrastructure that was designed to support a single installation of the Drupal CMS running in Amazon Web Services (AWS). This infrastructure included an auto-scaling setup with load balancers hosting a ‘cache’ layer and an ‘application’ layer that hosted the Drupal CMS. On the backend tier, an AWS Relational Database …
United States Defense Contractors and Cybersecurity Challenges
In the United States, a sizable amount of the overall federal budget is allocated to defense spending. The 2018 Defense Budget was signed into law on December 12, 2017, by President Trump, which authorized just under $700 billion in defense spending (Blankenstein, 2017). In contrast to just a few years ago where the fiscal year defense spending was set at $593 …
SSL Labs Rating Woes
I was recently notified that one of the sites I support was getting a ‘C’ rating on SSL Labs. It turned out that there were three main issues that needed to be resolved. Two out of the three were relatively easy to find via the SSL Labs documentation, which required simple fixes to the ssl.conf file. This server is vulnerable …
Management Actions that Must Happen Prior to a Cyber Attack
Prior to any cyber attack, an organization should already have a solid crisis management plan and set of disaster recovery precautions in place. In addition to this, a risk analysis should be carried out involving a holistic approach and careful investigation of information systems and the overall environment. The purpose of such an analysis is to evaluate all endpoints that …
Moving Target Defense (MTD)
View PostThree Must Have Security Policies In 2018
The nature of the Internet and worldwide connectivity has changed the traditional centuries old paradigm regarding proximity. We now see threats from all parts of the global. What are three cybersecurity policies for a firm that would mitigate risks for cybersecurity attacks at the global level? Cybersecurity threats continue to rise year after year and the problem continues grow due …
Vulnerability Assessments
Vulnerability assessments can be a very effective way of gathering information on an organizations internal security posture. The purpose is to accumulate data on any weaknesses revealed that should be proactively mitigated to prevent exploitation. There are a number of tools that can be used to carry out vulnerability assessments. Typically, a software-based tools are used to scan a selected …
What are Advanced Persistent Threats?
Advanced Persistent Threats (APTs) are security threats that use advanced techniques to hide their attack from their target. They are commonly used to target specific information in high-profile companies and governments. APTs usually follow a long-term strategy of attack in order to gather information from the breached system. There have been many examples of APTs over the years targeting well …