Cygilant Blog

How Are You Implementing SANS/CIS Controls to Mitigate Risk of Data Breach?

Posted by Security Steve on Mar 2, 2016


Many regulations state that companies must take reasonable measures to protect sensitive data, for example, personal information such as Social Security numbers, medical information, and payment card data. But even with that mandate, information is still being stolen through data breaches. Last year in the state of California, 178 reported breaches put over 24 million records at risk, affecting nearly 60% of Californians.


4 Proactive Security Steps Anyone Can Take to Secure Their Network

Posted by Security Steve on Jun 2, 2015

Most security monitoring practices focus primarily on reactive security, alerting security teams when a possible attack has been detecting on their network so that they can react to it and try to stop the intruders before any damage is done. The problem with this method is that the longer it takes to detect an attack, the more it will cost to fix it. The longer the attacker is inside your network, the more of a chance it has to find sensitive information.

Security Spring Cleaning

Posted by Security Steve on May 22, 2015

Spring has sprung. The snow has melted and baseball season is underway.  It’s time to clear out the cobwebs, both literally and figuratively. And if Martha Stewart has any say about it, it’s time for a household’s typical spring cleaning involves clearing out closets, de-cluttering cabinets, and getting everything clean and shiny. But that’s not all that might need attention.  The National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) say now is the perfect time for a “digital spring cleaning.”


In fact, they have offered up a laundry list of tips that are great reminders for all.  We’ve included a couple, plus a few of our own.

Securing Government Agencies at the Core

Posted by Vijay Basani on Jun 25, 2014

EiQ has been a longstanding provider to the government departments and agencies. We know that many government agencies and divisions are working on overtime to meet fundamental security standards outlined in the DISA’s Security Technical Implementation Guides (STIGs), NIST Special Publication 800-53, 8500.2, and AR25.2.   There’s no wonder why. A combination of insufficient or long-awaiting funding, political bickering, lack of clarity in the guidance and the lack of a real timeline for implementation has caused a lot of confusion and waste in time and money.  There is also so much hype around new technologies that will protect from the latest threat. Just considering what’s in the market now is full time job takes time and attention away from basic infrastructure management. Every week a new firewall, anti-malware, anti-spam, APT, AV, IPS promise to mitigate risk, thwart attack.

You Can’t Secure What You Can’t See (Part 2)

Posted by Security Steve on May 26, 2014

Before going back to home security analogies I think I may stick with airports because of another story in the news recently that has some parallels with the next security control I was going to discuss - SANS Critical Security Control #2 - inventory of software (and detection when unapproved software is used).

You Can’t Secure What You Can’t See

Posted by Security Steve on May 19, 2014

When I started formulating this series of blog entries in my head I was going to build some analogies between home security fundamentals  and a high impact information security control, but a recent headline in the news fit pretty closely with the first control I wanted to discuss in the series - SANS Critical Security Control Area #1 - maintaining an inventory of what is on your network (and more importantly receiving timely notification when something appears on the network not in the inventory) so I figured I'd veer a little off track for this chapter.

Key Changes In This Year's Verizon DBIR

Posted by Trevan Marden on May 12, 2014

Since the 2014 Verizon Data Breach Investigations Report was released last week, you’ve likely been flooded with stats and findings from the report. The report does contain a vast array of fascinating data for even the most casual in the cyber security field – from pondering the renaissance of RAM scraping during the ‘year of the retailer breach’ to debating the ebb and flow of trends in criminal motivation such as financial gain and ideology. However, the most significant development I observed in this year’s report was a change in the report itself.

Study Shows Retail Data Breaches are Affecting Consumer Trust

Posted by Vijay Basani on May 7, 2014

The massive amount of data breaches at major retailers is enough to send the consumer elsewhere according to a new study which examined the potential loss of business caused by data breaches, specifically those occurring in the retail, healthcare and financial sectors.

Security Best Practices – It’s the Right Thing to Do

Posted by Security Steve on May 5, 2014

As a practitioner of information security I found it pretty amazing that in a recent information security survey conducted by EiQ, that more than 50% of the respondents said that said they were not confident that their existing security measures would detect a breach. It is becoming painfully aware, because of all the companies that are being breached, that the time for all companies that have sensitive electronic records to get more serious about information security. Next question is - where to start?

University Data Breaches: Bolstering Security with Automated Controls

Posted by Vijay Basani on Feb 26, 2014

The recent spate of cyber attacks on U.S. educational institutions and places of higher ed have raised concern in the security community given the fact that many schools have recently tried to improve their security posture with a security overhaul. Further bolstering is  obviously needed.

Most Recent Posts

Subscribe to Email Updates