Cyber Security for Business

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

whitePaper | February 27, 2020

According to research from ESG and the Information Systems Security Association (ISSA), 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.1 This level of cyber-risk demands immediate attention and action from CISOs, CIOs, and business executives. As a result, 62% of organizations plan to increase cybersecurity spending in 2020.2 Here’s the problem: Increasing security budgets alone isn’t enough. CISOs need quick and easy wins that can greatly bolster security efficacy and streamline operations without demanding massive projects and vast resources. There is a lot of work ahead. This white paper concludes.

whitePaper | February 11, 2023

Higher-education institutions are experiencing a high volume of cyberattacks and greater vulnerability to threats. Today’s educational technology environments connect a variety of endpoints—laptops, desktops, student management data, and email servers. They use Internet-of-Things (IoT) devices for managing environmental controls, security cameras, and door alarms. Both ends of the education spectrum gather, store, and use personal data from students and staff—and if they collect it, they must also protect it. As a result, schools need dedicated, skilled, and experienced executive leadership that is empowered, resourced, and responsible for campuswide cybersecurity issues.

whitePaper | September 28, 2022

Modernizing your technology landscape requires a parallel cybersecurity strategy because your users and data are no longer protected by the corporate firewall. While the cloud provides unsurpassed agility, it also exposes new threat vectors. Your digital transformation must be accompanied by an innovative and comprehensive approach to reduce risk and attack surfaces.

whitePaper | October 20, 2022

Organizations continue to face a daunting challenge. Email is simultaneously the most important business communication tool and the leading attack vector for security breaches. The ubiquitous, and casual, use of email makes it the perfect avenue to deliver threat-centric content, insert malware into corporate systems, steal data, and extort money.

whitePaper | September 28, 2022

The present White Paper will focus on MEC (Multi-access Edge Computing) technologies and intends to explore security-related use cases and requirements with the aim of identifying aspects of security where the nature of edge computing results in insufficient industry approaches to cloud security. Edge computing environments are by nature characterized by a complex multi-vendor, multi-supplier, multi-stakeholder ecosystem of equipment including both HW and SW devices. Given this overall level of system heterogeneity, the areas of security, trust, and privacy are key topics for the edge environments. Finally, the advent of edge cloud federations and the presence of (far) edge devices, e.g., in Internet-ofThings environments, requires tackling MEC security with an end-to-end (E2E) approach by leveraging existing standards relevant in the area, as carefully selected to be applicable in edge computing systems.