The NuHarbor Notice
NuHarbor Security Doubles Staff, Moves to Larger Space
Colchester, VT – October 1, 2019: NuHarbor Security, a premier cybersecurity service provider, moved from Essex to Colchester, VT. The move punctuated a year of incredible growth. In 2019, NuHarbor doubled its staff to meet the demand for its services.The new space is...
Exim Server Vulnerabilities
By: Justin Fimlaid What is an Exim server? An Exim server is a mail transfer agent used on Linux like operating systems. Exim is a free software and used by as much as 57% of the Internet email servers. Over the past couple weeks it has been noted that a heavy amount...
What is an ISO 27001 Information Security Management System (ISMS)?
By: Justin Fimlaid What does it mean when ISO 27001 references an ISMS? An ISMS stand for Information Security Management System. This essentially means that it is a programmatic structure that allows you to build a security framework and controls specific to and...
What is a SHA-1 Collision Attack?
By: Justin Fimlaid What is SHA-1 and what is the history of SHA-1? Originally SHA-1 was developed as part of a U.S. government capstone project. The first version of SHA was SHA-0 and that was developed in 1993 as the Secure Hash Standard. SHA-0 was originally...
4 Things To Know About The Ohio Data Protection Act
By: Justin Fimlaid The Ohio Data Protection Act was passed in August of 2018 and went into effect as of November 2018. What's unique about this data protection law is that it's unlike recently passed privacy legislation recently seen in California and Colorado. 1....
Building a Vulnerability Management Program with the End in Mind
By: Justin Fimlaid Thinking about building a vulnerability management program? Unsure where to start? Unclear as to why your program might not be working? For some organizations, thinking about the end goal of the vulnerability management process can help provide...
Quick Start: Tenable IO Architecture
By: Justin Fimlaid Are you looking to build your vulnerability management program using Tenable's products? If so, this is a quick start guide to get orientated with the Tenable.IO suite. What is Tenable IO? Tenable IO is Tenable's cloud scanner or SaaS platform. ...
Tenable IO Sensor Deployment Best Practices
By: Justin Fimlaid Tenable IO Sensor Deployment Every organization has needs that will be somewhat different from another related to their vulnerability management program. This can vary from the scanner used (cloud or on premise), the places where sensors are...
Open Banking Directive and Securing Web Application Vulnerabilities
By: Justin Fimlaid If you haven't heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It's significant for U.S. based banks, because this Directive could apply pressure...
How does Estonia’s e-Voting work?
By: Justin Fimlaid First things first, if you are interested in elections security have not heard of Estonia's electronic voting system I’d encourage you do some research starting with this blog post. There is a lot to Estonia's e-Government initiative, security is a...
Building a Security Operations Center with Splunk
By: Justin Fimlaid Technology is making it easier to build your own SOC Many organizations are considering building their own security operation center. This desire to do-it-yourself style security operations center marks a change in the industry. There is a variety...
Building on People, Process, and Technology
By: Justin Fimlaid For a long time our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The term people, process, and technology fundamentally suggests the destination and solution is...
PCI Data Security Standard 4.0
By: Justin Fimlaid You’ve probably heard the rumors. The PCI Council is prepping to release the PCI Data Security Standard 4.0. To date the actual proposed changes have been kept private to the PCI-SSC stakeholders (so limited viewing). The PCI-SSC stakeholders...
10 Application Security Authentication Requirements
By: Justin Fimlaid Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
Information Security Staffing Guide
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...