Security

It’s the 21st century – your cyber-security assessments cannot afford the “one and done” approach of yesterday.

Modern information systems, composed in large part of computer networks, contain a myriad of intertwined technologies – databases, applications, networking devices, web services and email, to name just a few. All of these technologies are provided by diverse platforms at various release levels. Throw human users with varying roles and privileges into the mix, and the resulting complexity makes an effective information security program an imposing challenge. Businesses are feeling the pressure to meet the need for global connectivity, e-commerce transactions, and online business-to-business communications while maintaining security programs to protect their information assets. Privileged account control, patch management, configuration management, and data backup are some of the hurdles to be cleared.


OK, so you did everything right… you sent your vendor a Standard Information Gathering (SIG) scoped based on data and service type, you analyzed the responses, decided to perform an on-site assessment using the Agreed Upon Procedure (AUP), and helped identify security gaps that needed to be addressed. Everything seemed to be aligned with your risk management process and you were seeing progress… but then your vendor’s core software got breached and your customer data was exposed. You hadn’t focused heavily on software security, since this wasn’t generally in your purview and the basic information you had received back from the SIG seemed to indicate that appropriate security controls were in place. You started wondering what had gone wrong and what you could have done differently.
