CIS Controls: Hardware Asset List

#1 on the CIS security controls top 20 list is an “inventory and control of hardware assets.” I will refer to it as a hardware asset list in this post. While a lot of organizations do have some form of hardware asset list, most lists are incomplete and missing simple items like keyboards and mice (more on that later). Of course, there are some organizations that do not have a list at all. I’ll cover the reasons why I think a hardware asset list is important for every organization to have, as well as point out a few items that are often missing from hardware asset lists.


CIS Controls: Software Asset List

#2 on the CIS security controls top 20 list is an “inventory and control of software assets.” While there are several reasons why this is an important control to have in place, most organizations do not have one. Here are a few of the main reasons I feel a software asset list is important for every organization to have. Hopefully these key points will help security/compliance professionals provide the justification they need to get a software asset list on the roadmap for completion.


Test, retest, re-retest, and then prove it works

It amazes me just how many people I see in infosec, and IT in general, who simply don’t test (or prove that something functions correctly). I would argue it is one of the most important aspects of our day-to-day activities, and it just doesn’t get the attention it so deserves. You should always test, re-test, re-re-test, then test again.
