Optiv Blog

Cyber Security Careers

· By Security Communications and Awareness Team, Jeff Stanley · 0 Comments

2017 has been a very busy year for cyber security professionals. It seems weekly, if not daily, news breaks of a new data breach or intrusion of critical systems. Among others, WannaCry, Petya, NotPetya and Brickerbot malware has been introduced from multiple threat actors across multiple global sectors.

Continue reading 0 Shares

PCI Compliance Every Day – Requirement 11

· By Jeff Hall · 0 Comments

The most widely known requirements in PCI DSS 3.2 section 11 with a timing implication are the quarterly external and internal vulnerability scans (11.2). External vulnerability scans are required to be done by an approved scanning vendor (ASV). Internal vulnerability scanning can be done by anyone that is deemed qualified to perform the scanning (as defined by the Penetration Testing Information Supplement).

Continue reading 0 Shares

Predictions for Tomorrow’s Internet

· By Security Communications and Awareness Team, Jeff Stanley · 0 Comments

Currently, an estimated 6.4 billion Internet-of-Things (IoT) devices are connected, with 67 percent residing in North America, Western Europe and China. By the end of 2017, IoT growth is predicted to continue with an explosive 8.4 billion connected devices with a high concentration in electric utility and commercial security applications

Continue reading 0 Shares

From the Boardroom to the Breakroom: Cyber Security in the Workplace

· By Security Communications and Awareness Team, Jeff Stanley · 0 Comments

Key steps to cyber security in the workplace include establishing and maintaining a “security culture” in which company networks and the data they hold are protected from internal and external risk. Top-tier executives must show a commitment to the process by encouraging responsible use of company IT systems, meaningful participation in cyber security awareness and training programs, and protection from current cyber threats.

Continue reading 0 Shares

Online Safety - Simple Steps

· By Security Communications and Awareness Team, Jeff Stanley · 0 Comments

From cyber bullying to obtaining personal and sensitive information through phishing campaigns, harm lurks in many corners of the Internet. With a few simple steps, anyone connected can improve their personal security, making their online activities safer.

Continue reading 0 Shares

PCI Compliance Every Day – Requirement 7

· By Jeff Hall, Scott Chimner · 0 Comments

This post focuses on PCI DSS requirement seven; restricting access to cardholder data and in-scope system components based on the “need to know” and/or the principle of “least privilege.” “Need to know” as defined in the PCI DSS is “when access rights are granted to only the least amount of data and privileges needed to perform a job.”

Continue reading 0 Shares

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 20

· By Joshua Platz · 0 Comments

Test the overall strength of an organization’s defenses (the technology, the process and the people) by simulating the objectives and actions of an attacker.

Continue reading 0 Shares

DEF CON is Here: A Reminder to Manage and Remediate Security Vulnerabilities of Your Third Parties

· By James Robinson · 0 Comments

Every year I like to take a look at the talks at Black Hat and DEFCON to see if there are areas of risk I need to review. This year, like others, has focused on different hacking and defensive techniques. It also included a theme on cloud components as well as IoT, and new vulnerabilities within both. If your organization develops these products, you have the ability to talk with the development teams and review the devices for the vulnerabilities.

Continue reading 0 Shares

Indicators of Compromise (IOCs) are Not Intelligence

· By Ken Dunham · 0 Comments

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence but are important data points within the intelligence process. Meta-data is a better way to think about how to connect the dots between assets, threats, threat agents, counter-measures and other variables that factor into cyber threat intelligence.

Continue reading 0 Shares

Update: Intelligence Advisory – Petya Outbreak

· By gTIC · 0 Comments

This is an update to the Intelligence Advisory: Petya Ransomware Outbreak - released June 27, 2017. Optiv’s Global Threat Intelligence Center (gTIC) received several sources pertaining to the newly created Petya ransomware strain. This new strain is being referenced as GoldenEye, Petyawrapper, NotPetya, SortaPetya, and Petna.

Continue reading 0 Shares
(333 Results)