What can we learn from these government agencies that are failing external audits in protecting our data?

[vc_row type=”grid” video_bg=””][vc_column width=”2/3″ dp_animation=””][vc_column_text dp_animation=””]

What can we learn from these government agencies that are failing external audits in protecting our data?

[/vc_column_text][/vc_column][vc_column width=”1/3″ dp_animation=””][/vc_column][/vc_row][vc_row type=”grid” video_bg=””][vc_column width=”1/3″ dp_animation=””][vc_column_text dp_animation=””]From Charles Robbins[/vc_column_text][space size=”30″][/vc_column][vc_column width=”1/3″ dp_animation=””][vc_column_text dp_animation=””]August 30, 2021

What can we learn from these government agencies that are failing external audits in protecting our data? In general, these agencies “consistently failed to implement certain key cybersecurity requirements including encryption of sensitive data, limiting each user’s access to the information and systems needed to perform their job, and multi-factor authentication”. From reading through these three simple tasks, at your organization, it begins with an assessment. We contact the platform developer to get their CSF certification, the data on their penetration tests and their encryption standard. Oh, if you are at a government agency or large enterprise, the developer is missing all three. Failure point 1.[/vc_column_text][/vc_column][vc_column width=”1/3″ dp_animation=””][vc_column_text dp_animation=””]In your assessment, you check 25 random accounts. In the first five you have checked, the users have too much access and have not met their security credentials requirements and training. Failure point 2. In the assessment, we can use their station under our login and there is not 100% MFA. Failure point 3. This type of audit does not need to take expensive external teams to find your problems. Any executive can do this inspection. We do ask executives all the time why they are not aware of these issues. Once leaders start to get control of their own departments, they can fix the data security issues by applying the NIST standard.[/vc_column_text][vc_separator css=”.vc_custom_1629903638689{padding-top: 18px !important;padding-bottom: 24px !important;}”][vc_column_text dp_animation=””]Related article: A new Senate report: Federal cybersecurity gets a C- | Popular Science (popsci.com)[/vc_column_text][vc_empty_space][vc_column_text dp_animation=””]

TechR2 does ISO 31000 Assessments for our clients and for IBM’s clients.

[/vc_column_text][/vc_column][/vc_row][vc_row type=”grid” video_bg=””][vc_column dp_animation=””][vc_separator][/vc_column][/vc_row][vc_row type=”grid” video_bg=””][vc_column width=”1/2″ dp_animation=””][vc_widget_sidebar sidebar_id=”posts-footer-block-left”][/vc_column][vc_column width=”1/2″ dp_animation=””][vc_widget_sidebar sidebar_id=”posts-footer-block-right”][/vc_column][/vc_row]

Tags

What do you think?

Related articles

Datacenters are a cybersecurity target

I’m a recovering intelligence officer. I’m always a recovering intelligence officer for one trauma or another. And I’ve had the benefit, the pleasure, the honor to apply a lot of those skills I use in defense of our nation in the commercial section and in the commercial world as well, rising all the way to chief operating officer of a company that I thought was pretty obscure.

Read more

Loss of data hurts everyone

Whether I’m a nation state targeting data, whether I’m a criminal enterprise targeting data, or a transnational organization targeting that, that data is valuable. And while it’s valuable to me, there is a negative externality to the people that I’m taking it from as well. It’s not a victimless crime, right?

Read more

Datacenters are the obvious target

Anybody ever watch storage wars?
You can go on the dark web and buy drives like you were buying a storage unit. “I’ll give you a thousand dollars for that storage unit”. I know there’s got to be a couple thousand bucks worth of stuff in it. Your data out there is the same way.

Read more
Contact us

Why risk it alone?
Get started today.

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.
Your benefits:
What happens next?
1

Schedule a call at your convenience

2

We do a discovery and consulting meeting 

3

We prepare a proposal 

Schedule a Free Consultation