In my opinion, one of the largest IoT security risks is the ever-increasing interconnectivity of devices. As devices become further connected, the potential for exploits, bugs, and backdoors increases exponentially, and the impact these attacks have only increases. From the article “7 Risks Associated with Increased Connectivity” by Madison Miner, she states “Attackers may…
Author: jhern034
Information Security and Computer Security
The main defining difference between computer security and information security is that computer security mainly considers security through the medium of technology, whereas information security is more focused on information itself. Information security could pertain to any information regardless of its media form. In addition, computer security deals with the security of hardware and software,…
Protecting Availability
Some of the most important aspects of protecting availability within an organization are ensuring WAN service SLAs outlining agreed-upon uptime exist and are acceptable, backing up data, creating a business continuity plan and by extension a disaster recovery plan, and implementing protection against DoS or DDoS attacks. One of the most basic forms of…
Mock Up Security Policy with 5 Elements
The purpose and scope of this security policy is to protect the on-premises web, application, and database servers within the organization from compromise or unauthorized access and use. The organization utilizes database servers that store sensitive data that must be protected. This will be achieved utilizing the below five main processes and controls. The five…
August 2021 Microsoft Exchange Data Breach Analysis
In early 2021, a gentleman by the name of Orange Tsai from the DEVCORE research team uncovered three vulnerabilities in the on-site version of Microsoft Exchange. This exploit was known simply as “ProxyShell.” ProxyShell was three separate vulnerabilities that, when used in tandem, could remotely control an email server. These vulnerabilities were related to those previously…
The CIA Triad, and Authentication & Authorization
The CIA triad is instrumental in the creation of organizational security policies, large or small. The resulting security policy helps prevent, counter, and recover from data compromise. Authentication & authorization are pillars of this model, protecting organizations by vetting and filtering what permissions are available to whom. The CIA Triad: Confidentiality, integrity, and availability (CIA) of information…