David Forrestall


About David Forrestall

So far David Forrestall has created 85 blog entries.

Cyber Security Budgeting for 2020

It is time to update our annual Cyber Security Budgeting advice. I just led an exercise at a conference where folks had limited budgets and needed to determine the best places to spend their Cyber Cash. As I reviewed what we have adapted over the years, much of it is still the same. We continue to become more dependent on technology composed of applications, operating systems, processors, storage, and connectivity. IoT, autonomous vehicles, 5G, Huawei, and other new things continue to proliferate, but we still apply the same principles to protect ourselves. So, what is new this year? The proliferation [...]

2019-08-29T07:00:47-05:00 | August 29th, 2019 | Uncategorized

New York DFS – 23 NYCRR 500 Compliance

Checklist for Compliance: In response to the increasing threats of cybercriminal activity and as an effort to protect Non-Public Information (NPI) held by entities under its jurisdiction, the New York State Department of Financial Services (DFS) implemented a cybersecurity regulation, 23 NYCRR 500. It has twenty-three Sections and went into effect on March 1, 2017. There are designated “Transition Periods,” but the last one expires on March 1, 2019. A few key things to consider when looking at this Regulation: It applies to Covered Entities, which include those operating under NY Banking Law, Insurance Law, or Financial Services Law – [...]

2019-02-28T14:30:54-05:00 | February 28th, 2019 | Compliance, Computer & Network Security, Uncategorized

Budgeting for Cyber Security for 2019

Cyber-Security Budgeting is a Layered Approach: Cyber-Security is arguably the hottest market right now. Organizations are willing to spend $$ now more than ever to avoid becoming the next headline. When planning, it is easy to focus on available products that vendors are spending millions of dollars to push at us every day. Products are required, but it is the process around these that keeps you secure. Best practices in security follow a layered approach, and budgeting is no different. Where should you focus your efforts? The Basic Layers: Reduce Known Risks These are not sexy, but neither is [...]

2018-12-07T16:21:40-05:00 | July 31st, 2018 | Information Security, Uncategorized

WannaCry – Worldwide Ransomware Attack – Updated

A widespread ransomware attack has spread across the globe infecting tens of thousands of computers in as many countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in many languages. There have been several versions and updates, but the ways to protect remain the same. Recently, a decryption tool has been discovered – see here. Technical Details: Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through a Remote Desktop Protocol (RDP) compromise or the exploitation of a critical Windows SMB vulnerability. Microsoft [...]

2017-05-24T14:02:22-05:00 | May 13th, 2017 | Uncategorized

Law Firm Breach Used for Insider Trading Profit

Three Chinese citizens are charged with insider trading after allegedly making $4 million by using information obtained from Law Firms. The breach has to do with stolen credentials and malware planted within Firm systems - a very common tactic. The Law Firm names have not been released yet. Firms are typically diligent with Banking and Healthcare data, but this breach had to do with a merger that was in the works. The hackers bought shares before the announcement and profited from the stock increase. This highlights the need for more than just basic cyber security products. A more disciplined approach [...]

2016-12-30T13:19:30-05:00 | December 28th, 2016 | Computer & Network Security, Data Breach, Information Security, Social Engineering

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2

In the first post I covered best practices for securing service accounts. In this post, I am going to discuss some key elements in securing privileged access. Keep in mind, Microsoft has published a comprehensive guide to securing an Active Directory. Keep in mind that many of these things will require additional work on the front end, but that is usually due to poor existing practices. Once processes are in place, these key components should not add significant overhead to administrative tasks. No users should regularly reside in Domain Admins (DA) or Enterprise Admins (EA) groups. Straight from the horse's mouth: As [...]

2016-03-21T09:57:50-05:00 | February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1

I recently had a client ask me about our recommendations for securing service accounts within Active Directory. We talked for a bit, and then I decided to write them down. This post will have two parts: the first part is for Service Accounts, and the second post will be about privileged accounts. What is the minimum privilege needed? If the account will only use local resources on a single device, use a local account on that device. If the account needs permission to see users, computers, groups, etc., use a domain service account. When only read access to [...]

2016-02-18T11:02:18-05:00 | February 18th, 2016 | Asset Management, Compliance, Computer & Network Security, Microsoft

2015 Cyber Security Awareness Month

What is Cybersecurity? According to US-CERT, "The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation." In other words, it is the people, processes and technology that manage or maintain the Integrity, Availability, and Confidentiality of the systems and data with which an organization functions. Many times these roles are shared with IT, which in turn can come with its own challenges. Oftentimes, IT focuses solely on availability, or up-time and ease of use, and both [...]

2015-10-02T09:15:18-05:00 | October 2nd, 2015 | Compliance, Computer & Network Security, Information Security, Research

Third Party Apps: Consider The Risks

What are 3rd party tools? Everyone, from individuals to enterprises, uses third party tools and applications on their workstations, servers and mobile devices.  Some examples are Adobe Reader, Java, WinRAR, and many more.  They are applications that are run or installed, but are typically not centrally managed by your organization. Why are they important to an organization? Many times these tools are required to carry out critical job functions.  These can be running applications that require Java applets, fax services, custom written applications and so on. What risks can they introduce? Since these applications are usually not centrally managed, their [...]

2015-10-01T09:22:47-05:00 | October 1st, 2015 | Adobe, Compliance, Computer & Network Security, Java, Vulnerabilities

iOS Malware – The Sky Is (not) Falling!

By now you should have heard that malware has been detected in apps available from Apple's App Store.  (Let's take a short break to let the rival Android users stop chuckling)  Should you be panicked?  Should you contact your IT department and have them wipe all of your company's iPhones?  Should you rush home and trade your teenager's iPhone for an old Samsung flip phone?  No, you shouldn't - the Appleocalypse is not upon us.  (except maybe for the last one - have you seen the trouble teenagers can get into on smart phones?  Sheesh!) Because this is somewhat of [...]

2015-10-02T08:40:54-05:00 | September 26th, 2015 | Apple, Computer & Network Security