© Critical Informatics Inc., All Rights Reserved 2016

Threat Intelligence Blog

The Been There, Bled There Blog that covers, well, just about anything that we feel you can gain critical insight from. We wear our battle scars with pride and are grizzled enough to occasionally yell, “Get off of my Lawn!” As they say, “You Can’t Make This Stuff Up!”
(206) 687-9100
The public sector is an interesting, important and really tough market to work with. You can verify this by asking your vendors how they feel about working in "SLED": State, Local and Educational. They'll talk about thin and biennial budgets, government procurement rules and political and labor overlays.

And yet, we picked this market preferentially. Why? Because we have kids. Because clean water, emergency management, and communication systems for public safety are far more important than credit cards. Yes, the public sector holds personally identifiable information, health records and cardholder data and those are important as security drivers (no one wants to be "above the fold"), but the real exposures are the ones that can result in loss of life if disrupted.

So our challenge is to come up with security services that are focused on the right things, provide demonstrable value, and help with moving the conversation forward about securing the critical assets that are managed by the public sector - while addressing the difficulties in projecting the need for security to electeds and executives.

So here are three packages that do just that. These are meant to assist with establishing a security baseline and budget priorities, identifying low-hanging fruit for quick wins, and addressing compliance requirements that apply to HIPAA, CJIS, and PCI. And while pricing depends on scope, these are normally below the threshold for competitive procurement.
Focused Security Assessment

This is an assessment against standards of practice and regulatory requirements that apply to your organization. The assessment is crafted to address exactly the issues on which you need to elevate attention. If you're having a problem with payment systems that store cardholder data, we put PCI issues in scope. If you're concerned about the storage of health data, we integrate HIPAA issues into the assessment. The deliverable is a driver for budget requests and prioritization, and establishes a baseline against which you can show progress over time.

Packet Capture and Analysis

Using our custom packet-capture platform, we'll pull traffic from your network onto an encrypted drive for a period of 3-5 days. This comes back to the MKH&A lab and is run through our OSMOSIS threat identification platform, and interesting findings are investigated by an MKH&A analyst. The analysis will identify compromised assets in your network, attacks in progress, data exfiltration events, and network device configuration issues. This information can be used to identify control deficiencies, the need for user education, and the value of monitoring.

Security Awareness Training

Awareness training is a component of nearly every security regulatory regime, because users are your biggest exposure. While there's no firewall for stupidity, users can -- and should -- be periodically exposed to messaging that helps to bring their "radar up" to avoid disclosing credentials, biting on malware, or failing to report odd occurrences. Our training is directed at 3 populations: users, administrators, and executives, and includes attestation management so you can prove to auditors that you're meeting the requirement.

See our new CONSULTING page to learn about these packages and why CI provides value to you.
Three Security Packages for the Public Sector
4/17/2015
By Michael Hamilton, CISSP, CEO