Have Coffee, Will Travel
There are few things worse about being a road-warrior consultant than the sacrifice of creature comforts while traveling. A few of us here at Urbane have figured out unique solutions to these challenges when it comes to our desire for a well-crafted cup of coffee. Through various iterations and testing, some of the team members more dedicated to caffeine have decided to share how they get their caffeine fix while on the road.
Socializing New Policies
In the last Back to the Basics post, we discussed starting the writing process for security policies and procedures. Once you have the initial draft completed and upper management has signed off on it, what do you do next?
Many organizations will consider it final at that point and push it to the repository where documentation goes to be stored and largely unread. Ensuring that your employees are engaged in the process or at least interested enough to open the documents is another challenge.
Getting Started With Your First Information Security Policy
Have you ever been tasked with writing a security policy and feel completely lost as to where to start?
This feeling is a normal one that we have seen time and time again in our respective consulting careers while doing security assessments. At some point, a member of the security team is tasked with writing a policy for the organization in order to fill a compliance need, but isn’t given any further guidance or framework for the content and format. Uncertain of how to fully complete the policy, one usually starts with Google, looking for templates and examples of policies from other organizations that they can borrow from. This results in a pasted-together collage of policies and standards which may meet compliance requirements, but isn’t integrated with daily practices.
While this scenario is all too common, it doesn’t have to be. Given a little time and care, it is possible to create a set of policy and procedural documents without a lot of headache.
To Infinity, (Above) and Beyond!
The Payment Card Industry Data Security Standard (PCI DSS) is no longer a fledgling framework. The thought and process that have gone into the revisions to mature the PCI DSS have created a prescriptive list of controls that any organization would do well to follow. However, even the PCI Security Standards Council steadfastly maintains that the PCI DSS is only a baseline of controls. So let’s go through a thought exercise about additional controls that are not in the PCI DSS but could be used to improve the security of your environment.
Are You Ready for the New PCI DSS Requirements in 2018?
Were you the kid who came straight home from school and started the new project on the day it was assigned? Or were you the type who would calculate in your head exactly how much you could procrastinate before starting? Playing that new video game or riding bikes outside with your friends always seemed like more fun than a new compliance requirement, er, homework.
The PCI Security Standards Council released the newest version of the PCI DSS in April 2016. It contained quite a few minor changes and updates as well as nine brand new requirements. After pushing the SSL/TLS migration deadlines back due to industry pressure and tight implementation timelines, they prudently provided almost two years of lead time before enforcement of these new controls. The grace period is almost over. All new requirements introduced in PCI DSS v3.2 are currently considered best practice and will go into effect as of February 1, 2018.