This week we are joined by Daniel Leslie at Namely who shares his take on the human side of security, and what security at scale looks like for his team. Max, Justin, and Daniel discuss the 3 core things to good company-wide security: psychological safety, vulnerability, and purpose. You have to address these things in a comprehensive manner.
Posts by Category:
- SOC 2
- Privileged Access Management
- Identity and Access Management
- Role-Based Access Control
- ISO 27001
- Zero Trust
- Secure Access Service Edge
Data center security refers to the protection of data centers against threats such as cyber-attacks, natural disasters, and human error. The number of data centers has increased significantly over the last decade and so has the amount of security-related disasters. In 2022, the global data center ...
Documenting and communicating policy and system changes in your organization can be an arduous task. But the effort becomes more manageable when you have a plan in place before an emergency.
In this episode Justin McCarthy sits down with Andrew Mulholland, head of core infrastructure at BuzzFeed to talk about security incident response, remote access policy, and a money-back guarantee for OSS.
The first step in this policy is to define the critical processes and assets necessary for you to maintain minimum business functions after a disaster.
The what, where, why and how of audit logging and review for IT security investigations and compliance requirements.
As you work through the rigorous SOC 2 requirements, it is easy to get tunnel vision because so much of your work focuses on protecting your customers and their information. But what about the vendors you work with? Do you have a third-party IT vendor management strategy to address the risks they bring to your organization?
Passwords are one of the most common targets for hackers, so it’s imperative that your company enforces a strong password policy. This policy will not only define the requirements of the password itself but the procedure your organization will use to select and securely manage passwords.
This is the first step to create an audit trail of PostgreSQL logs. Postgres can also output logs to any log destination in CSV by modifying the configuration.
The purpose of a Remote Access Policy is to keep your employees productive from anywhere without sacrificing security.
In the workstation security policy, you will define rules intended to reduce the risk of data loss/exposure through workstations.
You wouldn’t leave the house without making sure your doors and windows were locked, and that any valuables were hidden or secured in a safe. That way, if you were robbed, the burglar would have a difficult time accessing your most precious assets. In the same way, you need to make sure your organization’s critical data is well protected.
Should you host data on-premise or in the cloud? Who is responsible for security? The company who owns the data, the cloud provider, or both?
It's easy to focus on cybersecurity threats like social engineering and phishing. However, internal threats, such as human error and disgruntled employees, can be just as dangerous - and are often overlooked. A mature onboarding and termination policy that leverages least privilege access is essential to preventing a data breach.