Last week we addressed the importance of implementing a Disaster Recovery plan under your own Business Continuity program. And as we mentioned previously, this is a necessity under most, if not all, compliance requirements. The next question is, do you know what it means to maintain compliance?
Last week we talked about the importance of keeping your machines upgraded on scheduled intervals. This not only helps your company save time and money, but also keeps your employees happy with efficiently running machines. While this does help keep your company functioning smoothly, what would happen if a disaster were to strike and take down all business-critical devices or software? Could you say at this very moment that you are prepared for a disaster?
What is unique about a city or local governmental organization? Services must be tailored to a local government’s unique needs. Governments are subject to a strict budgeting process that generally can’t be altered throughout the fiscal year. Any additional items not on these budgets, in which costs exceed a specific price point, are subject to a bidding process; sometimes this can take place even before being finalized in the budget. Furthermore, all items are subject to an open records request. We realize that this month we’re talking about a very specific set of customers. That does not mean non-city customers should set their alarms for August 1st and tune out for July. We consistently write our articles so that they contain helpful information that anyone can utilize in order to help make their organization a better and more efficient workplace.
By now you should have trained your employees on what an attack might look like. Now what? Training an employee is half the battle. Not only do they need to know what NOT to do, they need to know what TO DO when a challenge presents itself. Next, employees need to be aware of internal changes that could directly impact them or their environment, and what to do in case your company does fall victim to an attack. One might call this a Security Plan…
Last week in The Ping: State of Cybersecurity, we spoke about the rise of cybercrime. Cyber criminals are continuing to find ways to access both personal and organizational networks. The good news is that there are a few things you can do to help prevent this from happening to you and your company.
For each area of concern with sensitive data, there are published guidelines to follow in order to achieve compliance. Reading and digesting the guidelines in whole can be a difficult task. There are decision-making tools, technical requirement write-ups, security policies, and security procedures to pore through. So, without getting into the nitty gritty, we want to answer some of the frequently asked questions that come our way.
Criminal Justice Information Services (CJIS)
Criminal Justice Information Services, or CJIS, is a division of the FBI that provides criminal justice information needed to perform law enforcement duties. It “serve[s] as the focal point and central repository for criminal justice information services in the FBI.” – FBI. In Texas this information is disseminated via the DPS and includes details such as vehicle registration, criminal history, driver’s license, license plate, firearm, etc. Because this information is highly sensitive and needs to be protected, CJIS provides security compliance requirements and performs audits to ensure these requirements are being met. Below are just a few example requirements of the Security Policy…
- Security Awareness Training
- Perimeter Intrusion Detection
- Advanced Authentication
- Maintain Log History
- Change Management
- Device Encryption
Failing a single audit flags an agency as non-compliant. If compliance is not achieved, the agency can lose access to the information and tools needed to perform its duties.
What is compliance? Some of you might be acutely aware of this term, and others might have little to no idea. In broad terms, business compliance means following the rules required to secure your business and the people that interact with it. More specifically, compliance is aimed at information security. Business Compliance means you are complying with requirements set by a credible organization or government department that promotes the security and protection of sensitive information.
What is “the cloud?” This is certainly a question you’ve asked or wondered about. You may have received a few explanations too. When searching online, the first resulting definition used the words “Paradigm” and “Ubiquitous” … this does not clear things up for me. Let’s take care of that. If you’ve heard about “the cloud” you’ve likely heard the phrase “on premise” as well. If not, that’s ok. Defining both will help in understanding each of them. So what exactly do those terms mean? Simple. Cloud vs On Premises comes down to where your data is stored or resides. On premises data is housed locally in an environment that you (or your trusted IT vendor) maintain. Data is on your computers or servers and is easily accessible. Cloud is similar to its name. Data in the cloud resides offsite, somewhere outside of your home or office. Typically it is on a server, in a data center, miles away from you. Cloud data is accessible to you via a web browser or application.