Expert Advice: Is CISSP Worth It?

CISSP, which stands for Certified Information Systems Security Professional, is the gold standard for security certifications and an internationally acknowledged benchmark for infosecurity professionals. As you might expect, therefore, becoming a CISSP requires a great deal of time and effort, from studying the Common Body of Knowledge and completing other training to gaining sufficient professional … Continued

Sysadmin under Fire Game Winners

This August, sysadmins from all over the world were playing a game in which they had to get past hundreds of users with their annoying requests and get to a meeting with the boss as quickly as they could. Today, the 5 fastest players are each getting a $25 Amazon gift card! Here are the … Continued

SysAdmin Magazine: Hardening Windows Server Security

It’s time to face a harsh truth of IT life: Your network is almost certainly going to be breached. Best practices now recommend adopting an “assume breach” strategy as the way to reduce security risks to your environment. Accordingly, the August edition of SysAdmin Magazine focuses on Windows Server security, detailing a mix of … Continued

Auditing Windows Systems

Continuously auditing the activity in your network is one of the most critical security best practices, since it helps you notice potentially malicious activity early enough to take action and prevent data breaches, system downtime and compliance failures. Top methods of Windows auditing include: Event Logs and Event Log Forwarding; Auditing and Advanced Auditing; Audit … Continued

Hyper-V Security in Windows Server 2016

Administrator accounts work differently in virtualized environments than they do in physical ones. In particular, in a physical environment, administrative roles, such as storage administrator, network administrator, backup operator, and virtualization-host administrator, have limited or isolated rights. In contrast, in a virtual infrastructure, each of these roles with permissions to manage the physical infrastructure might … Continued

[Infographics] Cloud Security Risks in the Financial Sector Explained

There is a lot of ongoing buzz in the media about the attractiveness of cloud technology for financial organizations — and the cybersecurity challenges that come with it. The benefits of cloud use include increased flexibility, agility and cost reduction; in fact, IDC Financial Insights calculates that the biggest global banks will save $15 billion … Continued

Protecting Credentials in Windows Server 2016

Credentials are the keys to an account. By harvesting credentials, attackers can enter your network, move laterally and escalate their privileges to steal your data. Windows Server 2016 has several features for minimizing the chance that attackers will be able to harvest credentials; they include: Protected Users group; Account preferences; User Accounts; Computer Accounts; Service … Continued

How to Calculate Return on Security Investment

During my 20+ year career in IT, I have been involved in projects from many different angles. I have been an end user and a consultant; I have managed technology and I have sold it. But throughout it all, there has been one constant challenge: How to assess the return on investment for a technology … Continued

How to Create an Effective Information Security Risk Management Program

If you are responsible for corporate information security risk management, we both know your job is tough. Businesses keep generating large volumes of data, IT systems are increasingly complex, and cyber threats continue to evolve. What you have to deal with may sometimes look like an endless number of challenges, and your budget and resources … Continued