Sage Advice - Cybersecurity Blog

Four Cybersecurity Myths Organizations Need to Bust

In today’s threat environment, we can count on the fact that there will be more spectacular breaches to come. The bad guys will always get in. It’s time to acknowledge that reality and take action.

In our experience, many organizations that are just getting started on their path to cyber resiliency have a few misconceptions when it comes to cybersecurity. These myths must be busted in order for organizations to defend themselves against the risks they face. Here are four of the most common.


Topics: Cybersecurity Culture, Security Policy

Understanding the General Data Protection Regulation (GDPR) and What it Means for Businesses Worldwide

The purpose of the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, is to help the European Union (EU) give its citizens and residents control over their own personal data. It's designed to simplify the regulatory environment for international businesses and it unifies the regulations within the EU. One of the more significant aspects of the GDPR is that it also addresses the export of personal data outside of the EU, making it the first global data protection law.


Topics: Security Policy, Regulations

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication, and its role in creating world-class cybersecurity programs, is a recurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.


Topics: CyberCrime Symposium, Security Policy, Compliance

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.


Topics: Security Policy, CyberCrime Symposium

Why Technology Lifecycle Management is Important to your Business

If you’re like most businesses, your IT environment is constantly evolving – operating systems are upgraded, new hardware is added, and new applications are launched. This ecosystem of connected and interdependent resources must be managed to ensure everything runs smoothly and is kept up-to-date, which can be a daunting task.


Topics: Security Policy

Lifecycle Management: How to Minimize Risks as Technology Evolves

Most businesses today could not operate without technology, and it often feels like technology is evolving at breakneck speed. Consider this… the personal computer has only been around for about 40 years, and now almost everyone carries a mini-computer around with them everywhere they go! While innovative technology provides many benefits, it also introduces risks to businesses large and small, especially if you aren’t managing your IT environment using the principles of lifecycle management.


Topics: Security Policy

Measuring the Effectiveness of your Cybersecurity Program

Cybersecurity spending continues to rise, but cybercrime doesn’t seem to be slowing down. While there’s no shortage of new technologies to invest in, the reality is that there’s no silver bullet solution to protect your organization from an attack. A layered approach, one that involves people, process, and technology, is required. But how do you know which solutions work best for your organization? The answer is metrics!


Topics: Security Policy

Elements of an Information Security Policy Hierarchy

An Information Security Policy provides the foundation for a successful cybersecurity program that can protect your information, help you prepare for and adapt to changing threat conditions, and withstand and recover rapidly from disruptions. A well-written policy clearly defines guiding principles, provides guidance to those who must make present and future decisions, and serves as an implementation roadmap. Policies are important, but alone they are limited in what they can accomplish. Policies need supporting documents to give them context and meaningful application.


Topics: Security Policy

Understanding Information Security Policies

Information security policies, standards, procedures, and plans exist for one reason – to protect the organization and, by extension, its constituents from harm. The lesson of the Information Security Policy domain is threefold:

  1. Information security directives should be codified in a written policy document.
  2. It is important that management participate in policy development and visibly support the policy.
  3. Information security should be strategically aligned with business requirements and relevant laws and regulations.

Topics: Security Policy

Fundamental Objectives of Information Security: The CIA Triad

In the information security world, CIA represents something we strive to attain rather than an agency of the United States government. Confidentiality, integrity, and availability (CIA) are the unifying attributes of an information security program.


Topics: Security Policy