Microsoft recently announced a pair of Windows 10 Remote Code Execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182. These vulnerabilities allow cybercriminals to obtain remote control of a computer over a network connection. Microsoft discovered the vulnerabilities during routine testing of Windows 10, which allowed them to publish the required security updates and notify the public at the same time.
Most employees want to be productive. As cloud service consumers, we have become accustomed to finding a tool or app that will help us fill a need and simply buy it without obtaining approval from our organization first. This practice of employees bypassing IT management to procure tools and services without proper vetting has infiltrated the workplace and is known as Shadow IT.
It seems we can’t go more than 24 hours without hearing about the latest and greatest data breach that affects millions. So we ask ourselves, “What can we do better?” After all, if the “bad guys” can hack into the federal government, Home Depot, and Target, what hope do small and medium-sized businesses have?
Learning how Quality Management Systems (QMS) and Standard Operating Procedures (SOPs) can positively affect an organization assures consistency and accuracy. Let's take a look at each.
In my blog article posted on July 14, 2017, I covered the Foundations of Quality and Continuous Improvement which discussed the importance of establishing business quality across the board. In this blog post, I will talk about Root Cause Analysis, a method used to discover the root or cause of an issue or problem when quality breaks down.
Email can work for you, and it can be used against you. On the positive side, it's a tool that allows organizations to collaborate, communicate, and save time.
On the negative side, cybercriminals are savvy enough to use it as a weapon to send phishing and spear-phishing emails to unsuspecting recipients allowing confidential data to be exposed and money to be stolen.
Many organizations include the review of Service Organization Controls (SOC) examination reports in their annual vendor due diligence activities; however, most are unsure of what they should be looking for in the report. Determining what is relevant and knowing how to read a SOC examination report can help to ensure that organizations get the most value and assurance out of their review.
The role of the Information Security Officer (ISO) varies based on the size and complexity of an organization. It may be a full or part-time position held by an employee having only ISO responsibilities or by an employee having other roles within the organization. A primary role of the ISO is to work with management to strengthen its information security program and to protect the organization’s information assets.
Systems Engineering is happy to host a guest blog series that highlights various expertise in the business community around us. This week, the author, Durward Ferland, Jr., comes to us from Macpage, a certified public accounting firm located in S. Portland and Augusta, ME as well as Marlborough, MA. In this blog article, Durward writes about the importance of Security Awareness Training in business organizations today.
Systems Engineering’s (SE) Lunch & Learn "Information Security Evolution and the Modern Network" was recently held in Bangor and Portland, ME and Nashua, NH. This event covered cybersecurity, its current state, how threat intelligence has grown, and an overview of the evolving layers of security.