Baan Alsinawi, Managing Director at Cerberus Sentinel, explains the value of preparing for a data breach event
Baan Alsinawi – Expert Comment: 60% of Enterprises Not Equipped to Respond to Data Breaches
February 17, 2020
Our assessments of various clients and government agencies confirm these findings. Add that NIST requires FIPS 140-2 encryption, and you add another layer of complexity and confusion to long term management of the various SSL keys, self signed certificates, PKI if used.
Changing the keys upon expiration mostly takes people by surprise since they are not prepared and suddenly critical functions are not accessible. i will add also the risk of using same keys for the primary data source and the backups. it is advised to use one key for primary and separate key for the backups to protect from risk of ransomware and ability to recover if your primary data source was compromised. all security standards have specific controls that are designed to audit and test the key management aspects of organisations such as NIST Cybersecurity Framework, ISO etc. Managing the risk should be included in an overall risk management strategy integrated into COOP and Disaster recovery, incident response and several other key aspects of a comprehensive risk management strategy. – Baan AlsinawiClick Here To Read The Full Story…
Baan Alsinawi Discusses The Need For Data Breach Preparation – Cerberus Sentinel specializes in cybersecurity solutions that build a culture of security within an organization, enabling them to improve security, lower risk profile, optimize IT infrastructure, and meet regulatory compliance demands with extensive and comprehensive compliance review. Our Philosophy – Cybersecurity is a culture, not a product®. We believe culture is the foundation of every successful cybersecurity and compliance program. To deliver this outcome, we developed MCCP+ our holistic approach that ensures you’re secure in every area of your business. We are a publicly traded cybersecurity company listed with ticker CISO. A nationwide provider of consulting and managed services, with offices and resources across the USA, we specialize in building a culture of awareness for our clients. Founded with the belief that an acquisition approach is the best way to address the industry-wide skills gap. We are focused on cybersecurity, compliance, and the culture that drives success, acquiring world-class engineering talent who utilize the latest technology to create innovative solutions to protect even the most demanding businesses and governments against continuing and emerging threats. Baan Alsinawi Discusses The Need For Data Breach Preparation