By Hanna Pickering | SE Virtual CIO Many people think of an Information Security Program (ISP) as a collection of policy documents that state how an organization and its people will behave in order to comply with applicable regulations (such as HIPAA, GLBA, and FINRA). However, it’s no longer just about proper documentation, it also encompasses… Read more »
Systems Engineering Blog
Posts Categorized: IT Security
Email: To Trust, or Not to Trust?
By Kyla Morse | SE Help Desk Has anyone at your organization ever received an e-mail that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from a tax preparer sending completed tax returns, but in the month of August; or… Read more »
Defending the Corporate Network From Cybercrime
Networks are increasingly being exposed to a variety of attacks that have the potential to lead to a data breach, network disruption, compromise of sensitive data or theft. Read SE’s article in New Hampshire Business Review magazine here.
Phishing Tactics that Work
In 2013, the SANS Institute reported that 95% of all successful attacks begin with a spear phishing email. Two recent and well publicized attacks, the Anthem breach and the Carbanak Bank robbery, can be traced back to spear phishing emails. While your organization may not be a large enterprise like these, you can be used… Read more »
SE Lunch & Learn: Data Breach Reality Event Recap
Systems Engineering’s Lunch & Learn: “When Risk Becomes Reality – Responding to a Data Breach” was recently held in Bangor and Portland, Maine and Bedford, New Hampshire. This event gave participants a chance to safely experience and respond to a security breach through hands-on, facilitator lead exercises. Cybercrime is a big business. It is estimated… Read more »
SE Alert – Freak SSL Vulnerability
Recently, news came out of a newly discovered vulnerability dubbed “Freak” that could trick your device into using weak encryption and thereby making it more susceptible to an attack. Initially it was reported to be limited to Android and Apple devices but by Friday it was expanded to include all supported versions of Microsoft Windows. While… Read more »
Practical Tips That Improve Network Security
In their November 2014 Threat Report, McAfee reported detecting over 307 new threats every minute in the third quarter of this year. The purpose of this article is not to explain the rapid growth in threats, other than to state that it’s clear that cybercrime has become an organized industry, but to describe additional measures… Read more »
Congratulations to UMS on Their NSA & DHS Recognition
Systems Engineering would like to congratulate the University of Maine System on achieving designation as a National Center of Academic Excellence in Information Assurance/Cybersecurity. Read the full press release here or to learn more about the Maine Cyber Security Cluster click here.
SE Alert: WinShock Zero-Day Vulnerability
On Tuesday, November 11, 2014, Microsoft announced a recently discovered vulnerability in all versions of the Windows operating system at the same time they released an update to fix this. The IBM researcher who discovered it reports that “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and… Read more »
CryptoWall Preventative Steps
CryptoWall continues to infect and plague both companies and consumers. At this point it is estimated that tens of thousands of machines have been infected and that the perpetrators of CryptoWall have sent millions of emails. While anti-virus software can block some variants of CryptoWall the speed with which criminals are releasing new variants makes… Read more »