IT Security Horror Story: Is your Network an Unsegmented Haunted House?
Mark Manousogianis, Information Security Consultant, Coalfire Labs
One day I went to a client site to perform an internal penetration test to emulate the insider threat. This testing was designed to help this client understand the damage a rogue employee or an intruder who gained physical access to the network could do. The site that I was visiting was a storefront and had public WiFi. I told the store staff who I was there to meet, and while I waited for the client to become available, I connected to the public WiFi just to have a look.
Formalized IT Security Policy Now Required for Government Prime and Sub-contractors
Alan Ferguson, Executive VP, Sales and Marketing, Co-founder
This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review so they can meet the intent of the rule and, more importantly, promote an IT risk audit as a benefit to their customer base in their business development efforts. There are a large number of sub-contractors, including IT service providers, that will need to comply with this new mandate.