IT Security and Compliance White Papers

Read the latest white papers from industry experts New Net Technologies. We provide comprehensive information on IT security and compliance.

The visibility of configuration changes provided by traditional ‘Tripwire®-style’ file integrity monitoring may provide a great solution for breach detection and security governance, but in the past, this has come at a price. Changes need to be reviewed and approved, and doing this properly has always been a labour-intensive task.

Some of us will need therapy during and after an audit - that’s not unusual - but can a Compliance Audit really bring about the same feelings as other forms of grief? Furthermore, if this really is the case then, by extension, could we coach ourselves through the compliance audit process to become more effective at dealing with future audit situations?

Has there ever been a more confusion-generating initiative than the PCI DSS? Even now, a good seven years on from its initial introduction, a clear and definitive understanding of what your organization needs to do may still be a challenge.

Getting the balance right between the need to meet your mandatory obligations for PCI DSS and the imperative of minimizing costs of ownership is a challenge. Section 10.2 of the PCI DSS states “Implement automated audit trails for all system components...” and there are typically two concerns that we always discuss: What is the best way to gather and centralize event logs? What do we need to do with the event logs once we have them stored centrally? (And how will we cope with the volume!?)

The breach at Target has not just been big news within the Information Security community; it is worldwide headline news in all mainstream media outlets. This article looks at Brian Krebs’ excellent (as usual) investigation and analysis of the story so far from an NNT perspective.

The UK Government's initiative to prescribe a security standard to any organization accessing the Government Connect Secure Extranet is a move designed to keep government organizations one step ahead of the inexorable increase in security threats. There have been too many high-profile data thefts and losses by Government organizations, highlighting both the risk to, and the importance of, ICT Security and the governance of citizens' data.

Right now, Ransomware is the Great White Shark of cyber-attacks, the most feared malware of all, and both corporate and home users are running scared. And rightly so: anyone who has had experience with Ransomware will attest to the agony and disruption. But instead of worrying about an attack, what action can be taken to safely venture back into the water, and not necessarily “with a bigger Boat”?

In early 2017, NNT assembled a panel of experts to discuss the increased importance of applying the Center for Internet Security Controls as part of a modern approach to cyber security. The session also highlighted the benefits of combining the CIS Controls with ongoing, real-time compliance monitoring.

The new and updated version of the PCI Data Security Standard is as much about refining and improving the protection afforded by the DSS as re-launching the standard and attempting to galvanize renewed focus onto PCI compliance.

Many organizations have still chosen to delay the implementation of their PCI program, being wary of the resource requirements necessary to manage PCI compliance.

Threats of theft of Intellectual Property, financial data, Cardholder Data and PII (Personally Identifiable Information) are more diverse and increasingly difficult to defend against. The traditional ‘internet vandalism’ from viruses is still an issue, but the ‘threatscape’ in 2012 is far more diverse and dangerous than ever before.

Your enterprise is under attack right now, and if a breach is successful, you could lose your Intellectual Property, your sensitive company planning and financial data, and your market intelligence, and with it, your overall competitive edge could be set back by years.

Within any IT estate, the only constant is change.

Change Control has always been a key security best practice. With every change made to IT systems comes a risk of a weakening of security defenses, not to mention operational problems, through misconfigurations. Changes also create ‘noise’ that makes it more difficult to detect a breach when a cyber attack succeeds.

Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.