DATA SECURITY: Building an Incident Response Program: Creating the Framework. An incident response (IR) plan does not need to be overly complicated or require reams and reams of policy, standard, and other documentation. However, having a solid and tested framework for the program is key in the ability of an organization to respond to and survive a security incident. Read more
SECURITY EXECUTIVES: The Dos and Don’ts of a Successful Incident Response Program. Many organizations have adopted a herd mentality by assigning the security incident responsibility to the Chief Information Officer (CIO) or senior security official (CISO). Unfortunately, this myopic approach is a prescription for the organization to make serious errors and delay responding based on two key observations. Read more
STUDY: New Incident Response Study Reveals More Than Half of Attackers Use Social Engineering to Target Organizations. More than half of external attackers use social engineering as their point of entry into target organizations, a new study on incident response revealed. According to F-Secure’s “Incident Response Report,” 52 percent of external attackers used social engineering to infiltrate target companies. The remaining 48 percent exploited technical weaknesses. Read more.
FEDERAL GOVERNMENT: Agencies Should Prioritize Data-Level Protections to Secure Citizen Information. Americans share numerous pieces of data about themselves every day with companies and government agencies, including personally identifiable information like Social Security numbers and health care information. With all this personal information being shared, protecting an organization’s network and infrastructure is no longer sufficient to protect this data. Government now needs to secure each piece of data at a document level to fully protect against cyber risks. Read more.
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems February 2018 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-february-2018.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.