Posts by Joel Cardella

7 min CIS Controls

The CIS Critical Security Controls Series

What are the CIS Critical Security Controls? The Center for Internet Security (CIS) Top 20 Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] (previously known as the SANS Top 20 Critical Security Controls) is an industry-leading way to answer your key security question: “How can I be prepared to stop known attacks?” The controls transform best-in-class threat data into prioritized and actionable ways to protect your organization from today's most common

6 min CIS Controls

The CIS Critical Security Controls Explained - Control 4: Controlled Use of Administrative Privilege

The ultimate goal of an information security program [https://www.rapid7.com/fundamentals/security-program-basics/] is to reduce risk. Often, hidden risks run amok in organizations that just aren't thinking about risk in the right way. Control 4 of the CIS Critical Security Controls [https://rapid7.com/solutions/compliance/critical-controls/] can be contentious, can cause bad feelings, and is sometimes hated by system administrators and users alike. It is, however, one of the controls that can h

5 min CIS Controls

The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Stop No. 5 on our tour of the CIS Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] (previously known as the SANS Top 20 Critical Security Controls) deals with Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. This is great timing with the announcement of the death of SHA1. (Pro tip: don't use SHA1 [https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/]

4 min

Disaster Preparedness: It's Not Thought Of Until It Is Needed Most

...and then it might be too late. > An update from Delta CEO Ed Bastian: pic.twitter.com/udNN0kzbKs [https://t.co/udNN0kzbKs] — Delta (@Delta) August 8, 2016 [https://twitter.com/Delta/status/762707065022349312] Recently, Delta Airlines suffered a weeklong outage that, if you take it on its face, ticks just about every box on a security person's disaster recovery planning scenario. Delta has given [http://www.bizjournals.com/twincities/news/2016/08/08/delta-cancels-flights-outage-minneapolis