The NuHarbor Notice
10 Application Security Authentication Requirements
By: Justin Fimlaid Authentication is a critical piece of any application. It’s also always the piece of security architecture that is commonly attacked, so it’s important to get it right. When we talk about authentication it’s the act of establishing that someone or...
read more
Information Security Staffing Guide
By: Justin Fimlaid Many companies struggle to make the decision on when to hire Information Security or Cybersecurity staff. This is a collection and benchmark from 250 different companies from different industry verticals on how they choose to staff security teams...
read more
Do I need a SOC2 Report?
By: Justin Fimlaid Have you been thinking about getting a SOC2 report? Are you unsure whether you should do a SOC2 Type 1 or a SOC2 Type 2? Confused about which trust service principle to go after? If yes then read on. A SOC2 Report stands for Service Organizational...
read moreNuHarbor Security Partners with Palo Alto Networks
Contact Scott Mosher Vice President (802) 881-4224 smosher@nuharborsecurity.com FOR IMMEDIATE RELEASE NuHarbor Security Partners with Palo Alto Networks Essex Junction, VT – February 20, 2019: NuHarbor Security became a Palo Alto Networks® NextWave Innovator Channel...
read more
Your Black-Box MSSP Might be Dead
By: Justin Fimlaid I've said it a lot over the last couple years, the legacy black-box Managed Security Services Provider (MSSP) model is dying a slow death. I wish I had a nickel for each time I heard someone say they are dissatisfied with their black-box MSSP. ...
read more
How Vendor (3rd Party) Security Assessments can help you build a better security program
How Vendor (3rd Party) Security Assessments can help you build a better security program By: Justin Fimlaid Are you thinking about Vendor (3rd Party) Security Assessments? Aspirations to build onto your Vendor Security Assessment program? Why wouldn't you -- you go...
read more
CISO Security Metrics: Proving Business Value
By: Justin Fimlaid A lot of folks ask me about security metrics. "Help me with security metrics!" "I need security metrics!" My response, "Well, what are you trying to track?" "What are you trying to achieve with the security metrics?" "What story do you want to...
read more
The Difference Between a Controls Assessment and a Risk Assessment
By: Kristof Holm We’ve written several blogs on risk assessments and controls assessments. However, these two terms are often co-mingled, used interchangeably, or incorrectly. Unfortunately, it’s very easy to do this and often if we aren’t careful even professionals...
read more
3 Ways to Cure a Security Shelfware Hangover
By: Justin Fimlaid When it comes to Security Technology and Security Technology configurations -- let's say "I've seen some head scratching stuff". I see some shops with all the toys and in some cases multiple pieces of the same security technology, other security...
read more
NIST 800-37 Rev 2 Risk Management Framework – Major Changes
By: Justin Fimlaid The NIST 800-37 Revision 2 was published on December 20, 2018. There were not many material changes rather some minor enhancements to align with recent federal mandates: DSB 2013 Executive Order (E.O.) 13800 OMB Memorandum M-17-25 OMB Circular...
read more
What’s the Difference Between Splunk Enterprise Security and Security Essentials?
By: Justin Fimlaid If you are looking to leverage Splunk for Security, there's a couple ways to approach this task. In this post I'll be explaining some of the differences between Splunk Enterprise Security and Security Essentials. What is Splunk? Splunk...
read more
Quickstart Guide: NIST Cybersecurity Framework
By: Justin Fimlaid In my previous post there’s a big difference between a security assessment and a security program review. The NIST Cybersecurity Framework is a leader and go-to in developing a security program. The NIST Cybersecurity Framework is broken down into...
read more
2 Questions to Determine if a Security Program Review or Security Assessment is Better for your Company
By: Justin Fimlaid The beginning of the year is a great time to review your security posture. You have many options available to you as to how you conduct security review. The most common ways that we see companies approach a review of their security program generally...
read more
Transactions or Relationships – what is better for your business?
By: Scott Mosher As business needs change and technology advances, partners have taken on larger roles within organizations. Because senior-level management must produce more with fewer internal resources, they seek to increase productivity while reducing cost within...
read moreNuHarbor Security Named One of the “Best Entrepreneurial Companies In America” By Entrepreneur Magazine’s 2018 Entrepreneur360 List
Contact: Scott Mosher Vice President 802-881-4224 smosher@nuharborsecurity.com FOR IMMEDIATE RELEASE Essex Junction, VT – January 2, 2019: NuHarbor Security was recently recognized as one of the “Best Entrepreneurial Companies in America”. NuHarbor is the sole company...
read more