Cybersecurity Recommendations
and Guides

What You Need to Know

There are many pieces that make up a complete Cybersecurity Program. The core parts include Framework adoption, Documentation, Process/Procedure development, Policy management, Security Governance, Risk, and Compliance, Service/Tool procurement and management, Cybersecurity Offensive and Defensive operations, etc. Each of these initiatives and efforts take time, expertise, and money to accomplish. We help collect useful research and resources including guides, templates, and examples on how to approach these successfully.

Some examples include:

Why you need to conduct a Penetration Test
How to create an Incident Response Plan
How to create a Vulnerability Management Plan
Why you need a Data Inventory
Efficient process to handle Vendor Risk Management
Recommendations for building an internal Cybersecurity team
How Change Management should integrate with Information Security Programs

The articles below provide more in-depth information and details.

See the articles below for additional information.

Why you need a Data Inventory to secure your company

Apr 3

CYBERSECURITY GUIDES

Why you need a Data Inventory to secure your company

One of the most obvious but undervalued ways to improve data protection is by properly managing it. This starts with a thorough inventory.

You should be using Dark Web Monitoring, here's why.

Feb 2

CYBERSECURITY SERVICES

You should be using Dark Web Monitoring, here's why.

Are you or your business currently using a Dark Web Monitoring service? If not, you should absolutely consider getting it.

Everything You Need to Know About Conducting a Penetration Test

Jan 9

CYBERSECURITY GUIDES

Everything You Need to Know About Conducting a Penetration Test

Penetration Tests should be conducted at least once per year and it's important to understand all aspects before scheduling.

Pen Testing vs Vulnerability Scanning: Do you Need Both?

Nov 7, 2022

CYBERSECURITY SERVICES

Pen Testing vs Vulnerability Scanning: Do you Need Both?

Penetration Testing and Vulnerability scanning do overlap a little but the short answer is, Yes, and for good reason!

MFA Best Practices, Follow New Guidelines

Nov 4, 2022

CYBERSECURITY GUIDES

MFA Best Practices, Follow New Guidelines

MFA is critical to have in place, but makes sure you are following the latest best practices or it may not be as secure as you think!

Oct 20, 2022

CYBERSECURITY GUIDES

Cybersecurity Policy Creation

Creating policies is a major part of Cybersecurity Program Management. There should be a structured plan and process for policy creation.

Cybersecurity Control Review - Account Management, CIS 5

Oct 7, 2022

CYBERSECURITY GRC

Cybersecurity Control Review - Account Management, CIS 5

CIS Control 05 covers Account Management which focuses on managing account credentials and authentication, including a password policy.

Cybersecurity Incident Response Guide, Part 1

Sep 19, 2022

CYBERSECURITY GUIDES

Cybersecurity Incident Response Guide, Part 1

The goal of Incident Response is to identify threats, respond quickly before the threat spreads, and remediate before they cause damage.

Top Cybersecurity Podcasts to keep up with security news and trends

Sep 14, 2022

CYBERSECURITY TRAINING

Top Cybersecurity Podcasts to keep up with security news and trends

Podcasts can be a great alternative to traditional means for Cybersecurity news and educational content around security trends and threats.

Integrating Application Security Practices, Part 1

Sep 4, 2022

CYBERSECURITY GRC

Integrating Application Security Practices, Part 1

Security is critical to the software development process. There are many frameworks, such as OWASP, that should be leveraged for this.

Using the CIS Benchmarks for Cybersecurity Control Implementation

Aug 30, 2022

CYBERSECURITY GUIDES

Using the CIS Benchmarks for Cybersecurity Control Implementation

The CIS has just recently published two new AWS Benchmarks including updates to their AWS Foundations Benchmark and one for Bottlerocket.

Cybersecurity Control Review - Use a Passive Asset Discovery Tool, CIS 1.5

Aug 27, 2022

CYBERSECURITY GRC

Cybersecurity Control Review - Use a Passive Asset Discovery Tool, CIS 1.5

Follow CIS Control 1.5 by using a Passive Asset Discovery Tool to update the company asset inventory and verify accuracy.

Cybersecurity Control Review - Use DHCP Logging to Update Asset Inventories, CIS 1.4

Aug 24, 2022

CYBERSECURITY GRC

Cybersecurity Control Review - Use DHCP Logging to Update Asset Inventories, CIS 1.4

Configure DHCP logging on all DHCP servers or leverage IP address management tools to review and update the company's asset inventory.

Cybersecurity Control Review - Utilize an Active Discovery Tool, CIS 1.3

Aug 22, 2022

CYBERSECURITY GRC

Cybersecurity Control Review - Utilize an Active Discovery Tool, CIS 1.3

Utilize an active discovery tool to detect and identify assets/devices connected to the company's network that are unauthorized to do so.

Cybersecurity Control Review - Address Unauthorized Assets, CIS 1.2

Aug 20, 2022

CYBERSECURITY GRC

Cybersecurity Control Review - Address Unauthorized Assets, CIS 1.2

Address unauthorized assets that are detected on the company network or connecting to company resources, which is part of CIS Control 01.

1/2

blockchain concept illustration in 3d, connected blocks in blockchain_edited.jpg

Cybersecurity Recommendations and Guides

Check out our Twitter feed!

Cybersecurity Recommendations
and Guides