December 13, 2018 FFIEC CAT vs FSSCC Profile - WST In 2015, the FFIEC developed the Cybersecurity Assessment Tool (CAT) (https://www.ffiec.gov/cyberassessmenttool.htm) to “help institutions identify their risks and determine their cybersecurity preparedness. The tool provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time.” Regulatory agencies widely support and accept the CAT as examiners are expecting you to complete it annually. However, anyone who has completed the CAT knows that the process can feel overwhelming with the large number of questions, particularly for smaller banks. In October 2018, the Financial Services [...]
So far 10-D Security has created 53 blog entries.
December 6, 2018 The Most Basic Ransomware Defense Technique - WST Aside from standard security practices such as antivirus software and security awareness training, one of the most effective steps you can take to protect against ransomware is very straightforward: limit what files users can access. Ransomware almost always runs with the same permissions as the infected user, so what they cannot access, the ransomware cannot encrypt. The concept of ‘least privilege’ (allowing a user to access only what is needed for their job) is as old as information security itself, but it is not always easy [...]
November 29, 2018 Sure Is Dark Out There - WST If you are in Barrow, Alaska, you won’t see the sun again until January 22nd. That’ll be after 82 consecutive days of not seeing the sun. For the rest of us, it’s hard to imagine that much darkness. It only feels that dark for many of us now that daylight saving time is over, and we find ourselves leaving work around dark each day. As you’ve left your office in the dark, have you ever turned and looked back into the building to see what is visible [...]
November 15, 2018 Bye Bye Summer, Hello Flu! - WST Winter seems to be in a big hurry, and yes, that means Pandemic Plan time. In the Midwest, we raced right from Summer into Winter without so much as a goodbye handshake. Right on cue, with the colder weather, we are already seeing the first cases of flu pop up... and you all know what that means. Yup, time to dust off the pandemic plan and make sure it is up to date. Pandemic Plan reminders: Focus on operating with limited staffing (are your procedures [...]
November 8, 2018 Budget? For Information Security? - WST The midterms are finally over, and the ads have mercifully ended. We all deserve a little credit for putting up with the insanity. But now is the time to get back on track and plan out your budget for 2019. Or did you assume it will just be a part of IT’s budget? According to the FFIEC Cybersecurity Assessment Tool, a “baseline” requirement indicates: “The budgeting process includes information security related expenses and tools. (FFIEC E-Banking Booklet, page 20).” Whether you’ve already submitted your 2019 budget or not, [...]
November 1, 2018 Embedded Video with MS Word Woes - WST Last week a new Microsoft Word vulnerability was discovered concerning embedded video. This vulnerability allows malicious code to be placed inside of a Word document containing an embedded video link. This malicious code can be executed in the background without prompting the user. This vulnerability appears to affect even the most recent versions of Microsoft Word. This method will likely become very popular with phishing campaigns. Currently no patch exists for this vulnerability, which has yet to be assigned a CVSS number. Current potential mitigation methods would be [...]
October 31, 2018 Top 5 InfoSec Horror Movie Watchlist - WST InfoSec can be a scary thing. As you get ready for another fun-filled Halloween night, here is our list of favorite (ok…maybe fake) Information Security horror movies: #5 Dark Web 2 "She thought she had escaped...but the web was bigger than she thought..." #4 Rosemary's Risk Assessment "Sometimes it is the risks you know that you should fear the most." #3 Night of the Living APT "They won't stop, and they never leave!" #2 Incident Response Plan IV "It seemed like just a test, until they [...]
October 25, 2018 Cloud Backups and Encryption - WST Many institutions utilize cloud-based storage as part of their backup solution. Whether it is a pure server to cloud backup, a local backup repository with an offsite cloud storage component, or somewhere in between, the flexibility of many of these solutions can be awesome. The usage of these services does not have to be a trade-off in security either if it is done correctly. Encryption is the key (no pun intended). To protect data sent to the cloud, it must be encrypted. Just about any backup service will [...]
October 18, 2018 National Cybersecurity Awareness Month - WST Even though October is more than half over, it’s not too late to celebrate National Cybersecurity Awareness Month (NCSAM). For the last fifteen years, the Department of Homeland Security has designated the month of October as a time to emphasize the importance of cybersecurity at work and at home. The purpose is to provide government, private industry and individuals with resources to stay safe online and increase everyone’s overall awareness of cyber-threats. With training and awareness being the primary focus, a number of resources have been made available [...]
October 11, 2018 Quarterly Firewall Reviews are a Requirement - WST For many companies there is only one device between their internal network and the whole wide world, AKA the Internet. This one device, called a firewall, is a key component in a secure architecture, and it is often undermanaged. By that we mean the firewall is often not receiving the ongoing attention it deserves: a firewall review. The common issues we find with firewall configurations include: Managed Firewalls: In today’s environments we often see the management of firewalls outsourced and all but forgotten about by [...]