How do you know what due diligence documents to gather from each of your vendors? There are many methods available, but some result in more accurate documentation than others. Today, I'm going to review two of the primary methods and discuss the effectiveness of each method. Method #1: The Bucket Method

Early this year the tech world was rocked with the announcement of two unprecedented vulnerabilities named Meltdown and Spectre. These two vulnerabilities are a big deal because they are hardware vulnerabilities affecting any device with a silicon chip. This includes microprocessors on workstations and servers, mobile phones, tablets, cloud services, and other platforms.

One of our Technology customers recently migrated to a new AT&T WAN offering called AT&T Switched Ethernet – Network on Demand (ASE NoD). This is the most recent evolution of their metro Ethernet service with the addition of long-distance layer 2 connections.

I have encountered issues on PCs that can't access CDs or flash drives that previously had removable media access restricted by either group policy or Symantec Endpoint device control. After the control restrictions were removed, trying to read from the CD or flash drive gave an "Access Denied" error.

If you run the Windows 10 Upgrade Assistant and get an error code 0xc1900208. This means there is a compatibility issue with an application and the install is being blocked! The only way to figure out what program is blocking it is to run a powershell script by Microsoft called Appraiser https://msdnshared.blob.core.windows.net/media/2018/03/AppRPS.zip

Recently, Microsoft released a production version of a new management interface called Windows Admin Center, formerly known as Project Honolulu. The purpose of this product is to provide a centralized or locally-deployed management interface that will (eventually, hopefully) replace Server Manager. It manages servers by using Remote PowerShell or WMI over WinRM and client systems through similar methods.

After installing each Windows 10 creator's update, I get the following error message when I try to click on any link in any email message or click on a table of contents link in a Word doc:

I was configuring a new Windows 10 PC for a customer and logged in under the local administrator account. I tried to open Edge but received a notification that Edge could not be opened by the built-in administrator account.

Ideally, reviewing a SOC Report will take you 15 minutes or less (once you get the hang of it). If you are a financial institution and you have vendors, then you have plenty of SOC Reports to review every year.

In September 2016, the Federal Financial Institutions Examination Council (FFIEC) released an updated Information Security Booklet as part of the IT Examination Handbook. Among other contemporary concepts, the FFIEC placed an increased emphasis on the role of Information Security Officers (ISOs) in financial institutions. In section I.B Responsibility and Accountability (Page 5), the FFIEC provides a list of six key qualities of the ISO role. Here are the six qualities and a brief interpretation of how this can be applied in your organization.

“The sky is falling.” This is how one security writer described the initial panic experienced by the IT world early this year. Two unprecedented vulnerabilities named Meltdown and Spectre were reported on January 3, 2018. These two vulnerabilities were and are a big deal because they are hardware vulnerabilities affecting any device with a silicon chip. This includes microprocessors on workstations and servers, mobile phones, tablets, cloud services, and other platforms. There were several matters which made these vulnerabilities seem scarier than other vulnerabilities.

What is the Internet of Things (IoT)? For the purposes of this article, you can think of the IoT as the global network of “things” that are connected to the internet. This includes the obvious things (e.g., smartphones, computers, wearables, etc.) and the less obvious (e.g., A.I. devices, office automation, coffeepots, smart TVs, etc.).