Security and Compliance: A Balancing Act of Inequalities


Wes Withrow, IT GRC Subject Matter Expert

At some point in every IT security professional’s career they will be asked their opinion on the merits of compliance and how soon it will be before compliance frameworks get to the point that organizations are “hack proof.”

The response almost invariably goes like this: “Compliance isn’t perfect but at least it’s forcing us to talk about security. Nothing is hack proof unless it’s powered off, unplugged from the network, and destroyed with hammers.

Posted in IT Security and Compliance

Expect a Breach and Be Prepared to Respond with an Incident Response Plan


In today’s cybersecurity landscape, organizations now realize that the question of “if” they will be targeted by a cyber attack is no longer valid; they should be asking themselves “when” it will happen and whether they are prepared. Cyber criminals, driven by various motives, continue to develop highly focused attacks to steal an organization’s valuable intellectual property as well as customer, partner and employee data. When attackers have the right resources (excess time and money), even the

Posted in Incident Response Management

External Penetration Testing: Why Your IDS/IPS Gets in the Way


Ted Raffle, Information Security Analyst

One of the most common information security services TraceSecurity provides is an External Penetration Test, given its value of assessing security risks and its ability to simulate a real-world attack. During external penetration testing, an information security analyst (ISA) reviews and tests the ports and services available on the organization’s external network. These are the ports and services that would be visible to anyone on the public

Posted in Network Protection, Uncategorized

Information Security 101: Basics Everybody Should Know to Protect Their Confidential Data


Bridget Powell, Project Coordinator

In a world where everyone from the family pet to your favorite restaurant has a social media account, we often forget that there is still some information we should keep to ourselves. Information we were warned ten years ago never to give out to anyone, like our Social Security and credit card numbers, is entered into website forms on a daily basis. We file our taxes online, we post pictures of our kids and families, we buy tea from China and have it

Posted in Information Security

The Online Trust Alliance’s (OTA) 2015 Security Report


Madeline Domma, Product Design Specialist

Many organizations fell prey to notable data breach attacks in 2014, and unfortunately no one anticipates an end in sight. The non-profit organization, Online Trust Alliance (OTA), published their 2015 Security and Privacy Best Practices Report which analyzed over five hundred online security breach attack reports from the first half of 2014 and recommended actions based on their findings. In the report, the OTA highlights the shocking fact that

Posted in IT GRC

The Importance of Effective Vendor Management in Today’s Cybersecurity Landscape

Jonathan Harrell and Madeline Domma, Product Design Specialists

Increasing interdependence among organizations has become essential to achieving business objectives in today’s complex world of business. Now, more than ever, organizations rely heavily on vendors to maintain their operations, but with this expertise and convenience comes added risk. According to Forrester Research, Inc. in a report titled “Understand the Business Impact and Cost of a Breach” published January 12, 2015, “Third

Posted in Vendor Management

Law Firms Are a Hacker’s Dream


Wes Withrow, IT GRC Subject Matter Expert

When we talk about some of the tactics, techniques, and procedures (TTPs) used by hackers during a cyber breach, we usually think of things like sophisticated malware, military-grade encryption-cracking tools, and ransom notes delivered to the world via Twitter. We usually don’t think about the countless hours the attackers had to spend weeding through the terabytes of stolen data to find the nuggets of valuable information they were looking for.

Posted in IT Security and Compliance, Information Security

Free Self-Service OWASP Web Application Risk Assessment

After the recent influx of large-scale data breaches, application security has quickly made its way to the forefront of IT security topics. A web application risk assessment is used to determine what types of controls are required to protect an application from threats, allowing organizations to reduce exposure and maintain an acceptable risk tolerance.

TraceSecurity’s self-service risk assessment guides users through three easy steps to attest to controls already in place, discover any

Posted in IT Risk Management and Assessments

Metadata – Friend or Foe: When Your Files Betray You

Jose Vasquez, Security Services Manager

In today’s highly connected and digital world, files and their data are everything. We use files to store, present, analyze, transmit, and communicate information. Of the many file types in existence today, few see as widespread and dominant use as those created by Adobe’s Acrobat Pro and Microsoft Office software such as Word, Excel, and PowerPoint. Other common file types include those used for photos and images, such as .JPEG and .PNG, as

Posted in Information Security

Exploring the Unexpected Results and Benefits of IT Security Initiatives

Wes Withrow, IT GRC Subject Matter Expert

When organizations begin to roll out their IT security initiatives, there’s no shortage of expected and unexpected results. It’s a simple cause-and-effect relationship, but with IT security initiatives, some of the unexpected results tend to surface in unique ways. For example, one organization might begin to tighten up Windows security in their environment only to see a 10x increase in the number of Macs in their environment over a one year

Posted in IT Security and Compliance