The NuHarbor Notice
Open Banking Directive and Securing Web Application Vulnerabilities
By: Justin Fimlaid If you haven't heard of it there is a new banking directive in the U.K. called the Open Banking Directive. This directive went into effect on January 13, 2018. It's significant for U.S. based banks, because this Directive could apply pressure...
read more
How does Estonia’s e-Voting work?
By: Justin Fimlaid First things first, if you are interested in elections security have not heard of Estonia's electronic voting system I’d encourage you do some research starting with this blog post. There is a lot to Estonia's e-Government initiative, security is a...
read more
Building a Security Operations Center with Splunk
By: Justin Fimlaid Technology is making it easier to build your own SOC Many organizations are considering building their own security operation center. This desire to do-it-yourself style security operations center marks a change in the industry. There is a variety...
read more
Building on People, Process, and Technology
By: Justin Fimlaid For a long time our industry has been saying that addressing people, process, and technology will solve some of the hardest problems in cybersecurity. The term people, process, and technology fundamentally suggests the destination and solution is...
read more
10 Application Security Authentication Requirements
By: Justin Fimlaid Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
read more
Information Security Staffing Guide
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
read more
Do I need a SOC2 Report?
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
read moreNuHarbor Security Partners with Palo Alto Networks
Contact Scott Mosher Vice President (802) 881-4224 smosher@nuharborsecurity.com FOR IMMEDIATE RELEASE NuHarbor Security Partners with Palo Alto Networks Essex Junction, VT – February 20, 2019: NuHarbor Security became a Palo Alto Networks® NextWave Innovator Channel...
read more
Your Black-Box MSSP Might be Dead
By: Justin Fimlaid I've said it a lot over the last couple years, the legacy black-box Managed Security Services Provider (MSSP) model is dying a slow death. I wish I had a nickel for each time I heard someone say they are dissatisfied with their black-box MSSP. ...
read more
How Vendor (3rd Party) Security Assessments can help you build a better security program
How Vendor (3rd Party) Security Assessments can help you build a better security program By: Justin Fimlaid Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn't you -- you go...
read more
CISO Security Metrics: Proving Business Value
By: Justin Fimlaid A lot of folks ask me about security metrics. "Help me with security metrics!" "I need security metrics!" My response, "Well, what are you trying to track?" "What are you trying to achieve with the security metrics?" "What story do you want to...
read more
The Difference Between a Controls Assessment and a Risk Assessment
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
read more
3 Ways to Cure a Security Shelfware Hangover
By: Justin Fimlaid When it comes to Security Technology and Security Technology configurations -- let's say "I've seen some head scratching stuff". I see some shops with all the toys and in some cases multiple pieces of the same security technology, other security...
read more
NIST 800-37 Rev 2 Risk Management Framework – Major Changes
By: Justin Fimlaid The NIST 800-37 Revision 2 was published on December 20, 2018. There were not many material changes rather some minor enhancements to align with recent federal mandates: DSB 2013 Executive Order (E.O.) 13800 OMB Memorandum M-17-25 OMB Circular...
read more
What’s the Difference Between Splunk Enterprise Security and Security Essentials?
By: Justin Fimlaid If you are looking to leverage Splunk for Security, there's a couple ways to approach this task. In this post I'll be explaining some of the differences between Splunk Enterprise Security and Security Essentials. What is Splunk? Splunk...
read more