The NuHarbor Notice
Exim Server Vulnerabilities
By: Justin Fimlaid What is an Exim server? An Exim server is a mail transfer agent used on Linux like operating systems. Exim is a free software and used by as much as 57% of the Internet email servers. Over the past couple weeks it has been noted that a heavy amount...
read more
What is an ISO 27001 Information Security Management System (ISMS)?
By: Justin Fimlaid What does it mean when ISO 27001 references an ISMS? An ISMS stand for Information Security Management System. This essentially means that it is a programmatic structure that allows you to build a security framework and controls specific to and...
read moreWhat is a SHA-1 Collision Attack?
By: Justin Fimlaid What is SHA-1 and what is the history of SHA-1? Originally SHA-1 was developed as part of a U.S. government capstone project. The first version of SHA was SHA-0 and that was developed in 1993 as the Secure Hash Standard. SHA-0 was originally...
read more
4 Things To Know About The Ohio Data Protection Act
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What's unique about this data protection law is that it's unlike recently passed privacy legislation recently seen in California and Colorado. 1....
read more
Building a Vulnerability Management Program with the End in Mind
By: Justin Fimlaid Thinking about building a vulnerability management program? Unsure where to start? Unclear as to why your program might not be working? For some organizations, thinking about the end goal of the vulnerability management process can help provide...
read more
Quick Start: Tenable IO Architecture
By: Justin Fimlaid Are you looking to build your vulnerability management program using Tenable's products? If so, this is a quick start guide to get orientated with the Tenable.IO suite. What is Tenable IO? Tenable IO is Tenable's cloud scanner or SaaS platform. ...
read more
Tenable IO Sensor Deployment Best Practices
By: Justin Fimlaid Tenable IO Sensor Deployment Every organization has needs that will be somewhat different from another related to their vulnerability management program. This can vary from the scanner used (cloud or on premise), the places where sensors are...
read more
Open Banking Directive and Securing Web Application Vulnerabilities
By: Justin Fimlaid If you haven't heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It's significant for U.S. based banks, because this Directive could apply pressure...
read more
How does Estonia’s e-Voting work?
By: Justin Fimlaid First things first, if you are interested in elections security have not heard of Estonia's electronic voting system I’d encourage you do some research starting with this blog post. There is a lot to Estonia's e-Government initiative, security is a...
read more
Building a Security Operations Center with Splunk
By: Justin Fimlaid Technology is making it easier to build your own SOC Many organizations are considering building their own security operation center. This desire to do-it-yourself style security operations center marks a change in the industry. There is a variety...
read more
Building on People, Process, and Technology
By: Justin Fimlaid For a long time our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The term people, process, and technology fundamentally suggests the destination and solution is...
read more
PCI Data Security Standard 4.0
By: Justin Fimlaid You’ve probably heard the rumors. The PCI Council is prepping to release the PCI Data Security Standard 4.0. To date the actual proposed changes have been kept private to the PCI-SSC stakeholders (so limited viewing). The PCI-SSC stakeholders...
read more
10 Application Security Authentication Requirements
By: Justin Fimlaid Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
read more
Information Security Staffing Guide
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
read more
Do I need a SOC2 Report?
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
read more