RSI Security

Blog

  • Top 10 Network Security Threats

    Top 10 Network Security Threats

    Network security is continually becoming an area of tremendous focus for companies of all sizes. Whether you’re a corporation or a small-to-medium sized business (SMB), you’re a target for a variety of network attacks that can stop your business in its tracks.

    There are a plethora of network security threats that businesses should be aware of to ensure the continuous protection of their systems, software, and data. Let’s review what we believe to be the top 10 network security threats and solutions that you can use to protect your network from being compromised by these malicious attacks. (more…)

  • NIST Security Operations Center Best Practices

    NIST Security Operations Center Best Practices

    The NIST Security framework, formally known as the NIST Cybersecurity Framework (CSF), provides a structured and risk-based approach to protecting critical systems and data. For organizations operating a Security Operations Center (SOC), aligning with NIST security best practices strengthens detection, response, compliance, and overall cyber resilience.

    The NIST CSF is built around five core functions: Identify, Protect, Detect, Respond, and Recover. Together, these functions serve as a practical roadmap for building, auditing, and improving your SOC.

    In this guide, we explain:

    • NIST CSF SOC implementation

    • A complete security operations center audit checklist

    • How to perform a SOC gap assessment

    • Whether managed SOC services are right for your organization

    (more…)

  • NERC CIP Standards Summary: All Mandatory Requirements, Explained

    NERC CIP Standards Summary: All Mandatory Requirements, Explained

    Compliance with the NERC CIP standards is critical to mitigating cybersecurity risks to North America’s bulk electric system (BES), which is also known as the bulk power system (BPS). The NERC CIP provides a comprehensive list of security controls to help organizations effectively and securely operate the BES. Read our blog to get a sense of the NERC CIP standards summary. (more…)

  • What Are System Hardening Standards?

    What Are System Hardening Standards?

    Limiting the points of entry in an environment to as few as possible reduces the number of points that can be targeted for attacks, making that environment easier to secure. The same principle applies to system hardening standards. To implement them effectively, it’s critical to understand NIST’s recommendations and tailor your baseline to your organization’s needs. (more…)

  • 5 Steps of the Incident Management Lifecycle

    5 Steps of the Incident Management Lifecycle

    The Incident Management Lifecycle is a structured process designed to restore IT services as quickly as possible after disruption. Within the ITIL incident management lifecycle, organizations follow five critical steps to identify, track, prioritize, and resolve incidents while meeting service level agreements (SLAs).

    The 5 steps of incident management are:

    1. Incident Identification

    2. Incident Logging

    3. Incident Categorization

    4. Incident Prioritization

    5. Incident Response and Resolution

    Together, these steps form the foundation of an effective incident management process. Here’s how each stage works — and why it matters. (more…)

  • What Is Cryptography in Cyber Security: Types, Examples & More

    What Is Cryptography in Cyber Security: Types, Examples & More

    Cryptography in cyber security is one of the most important technologies used to protect sensitive data from unauthorized access. From HTTPS encryption on websites to database encryption in enterprise systems, modern organizations rely heavily on cryptographic methods to safeguard information.

    But what exactly is cryptography in cyber security — and how does it work?

    At its core, cryptography is the process of converting readable data (plaintext) into an unreadable format (ciphertext) using encryption algorithms and cryptographic keys. Only authorized users with the correct key can decrypt and access the information.

    In this guide, we’ll explain:

    • The types of cryptography

    • Symmetric vs asymmetric cryptography

    • How encryption and decryption work

    • Real-world examples of cryptography

    • The benefits of cryptography in network security

    (more…)

  • What are the 20 CIS Critical Security Controls?

    What are the 20 CIS Critical Security Controls?

    In 2008, the U.S. defense industry experienced one of the largest cyber intrusions in its history. That breach sparked a collaborative effort to define a prioritized, actionable cybersecurity framework. That effort eventually evolved into the CIS Critical Security Controls, now maintained by the Center for Internet Security (CIS).

    Today, the CIS Critical Security Controls (formerly known as the CIS Top 20) provide organizations with a proven roadmap for defending against the most common and damaging cyber threats.

    In this guide, we’ll break down all 20 CIS Critical Security Controls, explain why they matter, and outline how organizations can implement them effectively. (more…)

  • SSAE 18 type 2 vs SOC 2 Type 2 – What’s the Difference?

    SSAE 18 type 2 vs SOC 2 Type 2 – What’s the Difference?

    If you’re comparing SSAE 18 SOC 2 Type 2, you’re not alone. These terms are often used interchangeably, but they are not the same thing.

    Here’s the short answer:

    • SSAE 18 is an auditing standard issued by the AICPA.

    • SOC 2 Type 2 is a specific report performed under SSAE 18 that evaluates how controls operate over time.

    Understanding the difference is critical for service organizations that handle customer data and need to demonstrate trust.

    Let’s break it down clearly. (more…)

  • What is the NIST Cloud Computing Reference Architecture?

    What is the NIST Cloud Computing Reference Architecture?

    In September 2011, the National Institute of Standards and Technology (NIST) published Special Publication (SP) 500-292, titled NIST Cloud Computing Reference Architecture. This framework establishes a baseline for cloud computing architecture by defining services, stakeholders, and their interactions.

    Whether you’re implementing or reviewing your cloud infrastructure, understanding the NIST cloud architecture is essential to optimize your cloud security architecture and align with industry best practices. (more…)

  • How to Fill Out a PCI Compliance Questionnaire

    How to Fill Out a PCI Compliance Questionnaire

    Completing your PCI compliance questionnaire marks a necessary step in your efforts to demonstrate adherence to regulations overseeing credit card payments. According to the Payment Card Industry’s (PCI) Data Security Standards (DSS), businesses that process fewer than 6 million transactions annually must fill out and submit their yearly Self-Assessment Questionnaire (SAQ). With the right knowledge, anyone can learn how to fill out PCI compliance questionnaires. (more…)