Blog

What grade would your school get in cybersecurity?

Cyberattacks that focus on schools are becoming more frequent. Why? Schools are considered an easy target as lack of funding for proactive cybersecurity means that the IT team is woefully outgunned and often already overwhelmed with providing the day-to-day support...

Classifying the severity of a cyber incident

Ideally you would already have classified your data and be aligned with a cybersecurity or compliance framework to be able to effectively classify the severity level of various types of incidents.  This quick reference model can help with communication and next steps...

Should you do your own cybersecurity monitoring?

Should you do your own cybersecurity monitoring?  It's a fair question. You may already be paying for IT staff and many tools exist to collect logs. There are important considerations when you make this decision. Let's start with your staff.  If they are like most IT...

What do our clients say about working with Foresite?

Sometimes it's just best to let our clients do the talking - after all, no one understands the value of our services more than they do! This week's post focuses on a client who faced a number of challenges when we first met, including: Identifying and remediating...

Where are your data protection blindspots?

Data security and privacy were named as top issues for 2019. Data loss prevention requires a comprehensive strategy to identify, protect and monitor sensitive information.  As most organizations do not 100% know what data they have stored (often over many years and...

3 Key things to make your MSSP relationship a success

According to "The State of K-12 Cybersecurity: 2018 Year in Review", schools are under attack.  A U.S. school district becomes a victim of an attack as often as every three days - and that's just the reported incidents.  The actual breaches could easily be much higher...

Auditing and logging for HIPAA

The NIST Cyber Security Framework, or NIST CSF,  is the result of a February 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity” and 10 months of collaborative discussions with more than 3,000 security professionals. It comprises a risk-based...

What is cyber threat hunting?

Auditing and logging are an important part of the HIPAA Security Rule, but the rule contains no specifics on this requirement. According to HIPAA Security Rule - 164.312(b): “Implement hardware, software, and/or procedural mechanisms that record and examine activity in...

5 core functions of effective cybersecurity – #1 Identify

A buzz term of today’s cybersecurity is ‘threat hunting’. It gives you images of clandestine agents hiding in the shadows, ready to spring into action to neutralize a threat. Well that’s not exactly what cyber threat hunting is, but it’s also not necessarily what many...

Record fines come on the heels of warnings about cyber risk

Patch Management is reviled, impossible and critical. It’s technically difficult if not impossible, it’s prone to issues that can lead to disruption, and it’s absolutely required from a security and compliance standpoint. Let’s look at why each of these statements is...

Special Directive on Domain Name System (DNS) Compromise

A buzz term of today’s cybersecurity is ‘threat hunting’. It gives you images of clandestine agents hiding in the shadows, ready to spring into action to neutralize a threat. Well that’s not exactly what cyber threat hunting is, but it’s also not necessarily what many...

New data breach notification legislation effective in 2019

Last week the USA’s Department of Homeland Security (DHS) sent out a directive for all agencies to upgrade their Domain Name System (DNS) security in light of a wave of Iranian hack attempts specifically targeted at compromising DNS. The compromise The Iranian...

Growing Revenue with Foresite

States are passing legislation to address the concerns of the public over protection of data and notifications and remedies when personal data is breached. So far in 2019, Vermont began regulating data brokers and South Carolina’s adoption of the National...

Threat Intelligence – Real or Hype?

Data security and privacy were named as top issues for 2019. Data loss prevention requires a comprehensive strategy to identify, protect and monitor sensitive information.  As most organizations do not 100% know what data they have stored (often over many years and...

Giving Thanks

There is a lot of confusion around the term MSSP (Managed Services Security Provider). What are they? What do they do? What is their value? Can’t I just do that myself? The term MSSP had its genesis in the internet service providers (ISPs) in the 1990s the ISP...

SOC2 for Small Businesses

On March 26, 2018, the Government of Canada quietly announced that, on November 1, 2018, important changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) will come into force. This has not met with the fanfare of the EU’s GDPR (General...

National breach notification law would usurp patchwork of state laws

ProVision Top 10 Frequently Asked Questions (FAQs) 1) Is Foresite’s ProVision a SIEM or an MSSP?  Let’s start by defining the terms.  SIEM stands for Security Information and Event Management, and a SIEM tool collects logs for the analysis of security alerts.  MSSP...

Zero Trust Networks

A bill is pending to amend the Gramm-Leach-Bliley Act (GLBA) to include a national data breach notification law that would supersede the various state laws that now apply to the financial sector. This initiative has the support of the American Bankers Association...
