PeopleSec Blog


General Data Protection Regulation-GDPR

The General Data Protection Regulation (GDPR) is a European Union regulation that protects the personal data of natural persons in the EU, specifically with respect to the processing of personal data and the free movement of that data. Through Regulation (EU) 2016/679, the European Commission, the European Parliament, and the Council of the European Union seek to strengthen and centralize data and privacy […]

Microsoft Support Scam

The phone number and web address keep getting taken down, and new ones keep popping up, but there is an ongoing Microsoft support scam requesting personal information. Do not give them any information. Here are a couple of screenshots from a few different people who encountered this scam. Vigilante hackers have done some research and […]

PCI DSS – what you need to know in order to stay compliant

The PCI DSS (Payment Card Industry Data Security Standard) is an industry-wide data security standard for any organization that stores, processes, or transmits cardholder data for cards issued by the major payment card brands. Its requirements increase the security of cardholder data and reduce the risk of payment card fraud. Developed by the PCI Security Standards Council […]

Social Engineering & Cybersecurity

Social engineering has become the standard opening move in both cyber-attacks and physical intrusions. Many organizations are fighting back and are quickly making education a priority. First, let's enumerate a few of the most common types of social engineering attacks, and then let's go over ways to address these threats. Email Phishing […]

SOX Compliance Requirements: A Basic Outline

Introduction The Sarbanes-Oxley Act (SOX) became law in 2002. You may remember the infamous corporations that were the driving force behind the Act, such as WorldCom and Enron. SOX accordingly expanded and defined new requirements for all public companies as well as public accounting firms. In addition, boards of public organizations in the United States hold […]

NIST Special Publication 800-53

What Is NIST Special Publication 800-53? NIST Special Publication 800-53, developed by the National Institute of Standards and Technology, provides federal organizations with a catalog of security controls for the information systems under the purview of the agency concerned. The catalog does not apply to national security systems, which are governed by separate guidance. […]

The Federal Information Security Management Act (FISMA) and Compliance Requirements

An introduction to FISMA The Federal Information Security Management Act (FISMA) is a landmark piece of United States federal legislation enacted in 2002 as Title III of the E-Government Act of 2002. The federal government enacted the law in recognition of the growing importance of information security to the political, economic, military, and […]

Security Awareness Training & Education Program, Crucial Elements to Incorporate

Does your organization take security awareness seriously? Would your employees be able to defend against social engineering attacks? Is the effectiveness of your organization's security frequently tested? You should be answering a resounding "Yes" to all of these questions. If you answer "No" or "I don't know," this may be a sign that your organization has serious security vulnerabilities. The following is […]

Information Security Awareness Tips from a Newborn

While the linked post may be stretching a correlation, the points are accurate and entertaining, and what information-security-loving expert doesn't want to buy that onesie? With the top tip, "Putting in only 45 minutes a year is bad," PeopleSec is in full agreement. A single 45-minute training a year is not a good practice. Information security experts need […]

Phishing with emotion and stress results in bad choices

Recently, on one of my personal sites, I received the phishing attempt shown below. I see a ton of phishing examples as part of PeopleSec's Security Awareness Training and Education (SATE) program. It is not often that a phish in the wild catches my eye and looks like anything other than spam. This email is an excellent […]

CEO fraud attacks spoof or hijack executive email or other accounts to get employees to wire money or reveal sensitive information

“CEO Fraud Attack” Readiness is Only Assumed

CEO fraud attacks succeed because of untested, unjustified confidence in employee readiness. Enterprises must take them more seriously. The scam's tactics and techniques are hardly indefensible; employees simply are not prepared. Quick confession: I once thought such confidence was warranted. However, numerous real-life examples changed my mind. We need others to change their minds too. CEO Fraud Problem Pervasiveness […]

The secret sauce for IT to Manage Risk – You would never guess it!

Over the last thirty years, the prevailing belief has been that process, technology, and technique manage risk. While it is true that process and technology controls play a significant role in a risk strategy, it is ultimately people who manage risk. The dilemma is that people are very complicated; we don't always act […]