Smishing attacks help cybercriminals gain unauthorized access to sensitive information like user credentials, social security numbers, and bank account numbers. So, what is smishing in cyber security? Smishing refers to short message service (SMS) phishing, where a perpetrator attempts to pretext an individual into divulging sensitive information via text messaging.
Blog

Risk Management Enterprise-Level Solutions
IT departments often combine legacy systems and newer innovative technology. In-house servers may interface with applications and data on cloud-based platforms; employees may be working remotely and connecting to both the servers and the data. Access point vulnerabilities abound. Risk management enterprise solutions control the risks associated with all components of modern computing by strategizing and executing an Information Security Program Plan.

What is Penetration Testing as a Service?
Cyber threats are on every company’s radar, per KPMG’s 2021 CEO Outlook Report. Survey responses from 1,325 participating CEOs indicate that the technology, telecom, and banking industries are the most highly focused on preventing cyberattacks. However, that doesn’t mean everyone else is complacent. Cyber risks ranked #1 as the primary threat to future growth among all CEOs surveyed, and 67% plan to increase funding for threat detection and security innovation. Penetration testing as a service is one such innovation they’re turning to.

DoD Compliance, Explained: NIST 800-53 Rev 4, 800-171, and CMMC
To secure Department of Defense (DoD) and other government contracts, organizations must demonstrate compliance with specific frameworks that help protect federal contract information (FCI) and controlled unclassified information (CUI), such as CMMC 2.0 and NIST SP 800-171. NIST SP 800-53 Rev 4 provides a complementary framework, but it’s not mandatory like the other two. Still, SP 800-53 substantially informs and maps to SP 800-171 and CMMC 2.0.

How to Implement a Data Breach Management Plan
No organization wants to fall victim to a data breach. But in the ever-evolving landscape of information security and threats, it’s critical to be prepared for the possibility. To prepare for potential data breaches, your organization needs a cyber breach response plan that is developed specifically for the type of data your organization secures.

PCI DSS 4.0 Timeline: When Do You Need to Comply?
The PCI DSS 4.0 timeline began in March 2022, marking the official start of the transition period for organizations to meet the new compliance requirements. This latest version of the Payment Card Industry Data Security Standard (PCI DSS) introduces updated controls to strengthen data protection and reduce payment security risks. But what does this timeline mean for your organization, and how long do you have to achieve full PCI DSS 4.0 compliance?

Top Considerations for Zero Trust Network Implementation
With the ever-increasing threat of cyberattacks, defenses against these threats need to be continually scrutinized and improved upon. The United States government’s response to this has been to move toward a zero trust principle, which will shape the way leading cybersecurity standards evolve moving forward. But what does it mean to architect and configure a zero trust network? This guide will introduce the core principles of the zero trust approach, how they can be applied to a digital security strategy, and what to consider when making the transition.

Your Guide to Network Hardening Standards
Hardening your networks will help reduce the vulnerabilities cybercriminals can exploit and optimize your security posture in the long term. Network hardening standards provide guidance on the baseline controls you can implement to secure your networks and make your cybersecurity infrastructure more resilient. Read on to learn more.

Dark Web Threat Intelligence – Assessing and Addressing
With dark web threats on the rise, protecting your digital assets and sensitive data is critical to prevent them from being compromised during a cyberattack. Learning how to assess and address potential dark web threats will help you strengthen your cyber defenses and safeguard your organization’s valued IT assets from cyberattacks. Read on to learn more.

What Are the SOC 2 Compliance Password Requirements?
Service organizations looking to assure stakeholders about the effectiveness of their security controls can do so by reporting on SOC 2 compliance. When optimizing identity and access management (IAM) controls, the SOC 2 compliance password requirements will help you meet and surpass the standards necessary for maintaining data security. Read on to learn how.
