Sage Advice - Cybersecurity Blog

Developing a Cyber Threat Intelligence Program

With cyber-attacks increasing, the likelihood that many organizations are experiencing the same attack is also increasing.  When such an incident occurs, the intelligence gathered – including what happened, how it was dealt with, and lessons that were learned – can teach your organization what to do in the same situation.  In today’s dynamic threat environment, it’s impossible to single-handedly keep on top of everything.  Implementing a threat intelligence program can help you better protect your organization.

Read More

Topics: Security Policy, Threat Intelligence, Information Sharing

Why is Data Classification Important for Information Security?

Data classification is as fundamental a part of securing your organization's information as knowing what data you have and who can access it. It's the process of identifying and assigning pre-determined levels of sensitivity to different types of information. If your organization doesn’t properly classify your data, then you cannot properly protect your data.

Read More

Topics: Security Policy, Risk Management

Measuring Cybersecurity Success

Many CISOs struggle to build a compelling business narrative around their cybersecurity efforts. So when they stand before C-execs or board members, they turn to quantitative measures to craft a basic blocking-and-tackling story (check out how many suspicious connections our firewalls blocked last quarter) and watch eyes glaze over. What’s missing from these number-packed tales, according to 2018 CyberCrime Symposium presenter Summer Fowler, is any business context.

Read More

Topics: Security Policy, CyberCrime Symposium, Cybersecurity Culture

Four Cybersecurity Myths Organizations Need to Bust

In today’s threat environment, we can count on the fact that there will be more spectacular breaches to come. The bad guys will always get in. It’s time to acknowledge that reality and take action.

In our experience, many organizations who are just getting started on their path to cyber resiliency have a few misconceptions when it comes to cybersecurity. These myths must be busted in order for organizations to defend themselves against the risks they face. Here are four of the most common myths that must be busted.

Read More

Topics: Security Policy, Cybersecurity Culture

Understanding the General Data Protection Regulation (GDPR) and What it Means for Businesses Worldwide

The purpose of the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, is to help the European Union (EU) give its citizens and residents control over their own personal data. It's designed to simplify the regulatory environment for international businesses and it unifies the regulations within the EU. One of the more significant aspects of the GDPR is that it also addresses the export of personal data outside of the EU, making it the first global data protection law.

Read More

Topics: Security Policy, Regulations

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication — and its role in creating world-class cybersecurity programs — is a reoccurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.

Read More

Topics: Compliance, Security Policy, CyberCrime Symposium

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.

Read More

Topics: Security Policy, CyberCrime Symposium

Why Technology Lifecycle Management is Important to your Business

If you’re like most businesses, your IT environment is constantly evolving – operating systems are upgraded, new hardware is added, and new applications are launched. This ecosystem of connected and interdependent resources must be managed to ensure everything runs smoothly and is kept up-to-date, which can be a daunting task.

Read More

Topics: Security Policy

Lifecycle Management: How to Minimize Risks as Technology Evolves

Most businesses today could not operate without technology, and it often feels like technology is evolving at breakneck speed. Consider this… the personal computer has only been around for about 40 years, and now almost everyone carries a mini-computer around with them everywhere they go! While innovative technology provides many benefits, it also introduces risks to businesses large and small, especially if you aren’t managing your IT environment using the principles of lifecycle management.

Read More

Topics: Security Policy

Measuring the Effectiveness of your Cybersecurity Program

Cybersecurity spending continues to rise, but cybercrime doesn’t seem to be slowing down. While there’s no shortage of new technologies to invest in, the reality is that there’s no silver bullet solution to protect your organization from an attack. A layered approach, one that involves people, process, and technology, is required. But how do you know which solutions work best for your organization? The answer is metrics!

Read More

Topics: Security Policy