Resources
Cyber Security Resources - SECaaS Reference Architecture
CIS Top 20
The cyber security resources framework we recommend for those looking to formalize their security program.
- CSC 1: Inventory of Authorized and Unauthorized Devices
- CSC 2: Inventory of Authorized and Unauthorized Software
- CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- CSC 4: Continuous Vulnerability Assessment and Remediation
- CSC 5: Controlled Use of Administrative Privileges
- CSC 6: Maintenance, Monitoring, and Analysis of Audit Logs
- CSC 7: Email and Web Browser Protections
- CSC 8: Malware Defenses
- CSC 9: Limitation and Control of Network Ports, Protocols and Services
- CSC 10: Data Recovery Capability
- CSC 11: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- CSC 12: Boundary Defense
- CSC 13: Data Protection
- CSC 14: Controlled Access Based on the Need to Know
- CSC 15: Wireless Access Control
- CSC 16: Account Monitoring and Control
- CSC 17: Security Skills Assessment
- CSC 18: Application Software Security
- CSC 19: Incident Response and Management
- CSC 20: Penetration Tests and Red Team Exercises
Zero Trust, Lateral Movement and Other Useful Information
Zero Trust
Lateral Movement
http://www.securityweek.com/lateral-movement-when-cyber-attacks-go-sideways
http://info.sqrrl.com/threat-hunting-lateral-movement
https://www.fireeye.com/blog/executive-perspective/2015/08/malware_lateral_move.html
https://www.cybersecurity-insiders.com/how-attackers-lay-the-groundwork-for-lateral-movement
Cyber Kill Chain
http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html
https://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542?
https://www.sans.org/reading-room/whitepapers/ICS/industrial-control-system-cyber-kill-chain-36297
https://www.idealintegrations.net/the-cyber-kill-chain-model-is-obsolete/
Tools and Other Cyber Security Resources
Microsoft
LAPS
- https://technet.microsoft.com/en-us/mt227395.aspx
- https://www.microsoft.com/en-us/download/details.aspx?id=46899
Windows Defender
- https://www.microsoft.com/en-us/windows/windows-defender
- https://www.microsoft.com/en-us/safety/pc-security/windows-defender.aspx
- https://support.microsoft.com/en-us/help/17187/windows-10-protect-your-pc
- https://www.ultimatewindowssecurity.com/default.aspx
Google GRR and Rekall
- https://research.google.com/pubs/pub37237.html
- http://www.grr-response.com/faq.html
- https://www.darknet.org.uk/2016/04/google-rapid-response-grr-remote-live-forensics-for-incident-response/
- http://www.rekall-forensic.com/
- https://github.com/google/grr
Budgeting for a Security Operations Center
Krebs on Security
Our Commitment to the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. We understand that GDPR compliance is a shared responsibility. We are committed to addressing EU data protection requirements applicable to us as a data processor. These efforts have been critical in our ongoing preparations for the GDPR:
Data processing: Our ability to fulfill our commitments as a data processor to our customers, the data controllers, is a part of our compliance with GDPR where data controllers are using a third party like us to process personal data. Because of this requirement, Ideal Integrations, Inc. has worked extensively with an independent third-party security auditor (Schneider Downs & Co., Inc.) to develop our Master Services Agreement and Information Security Policies and Procedures that contain appropriate provisions for personal data we store.
Third-party audits and certifications: Blue Bastion and Ideal Integrations, Inc. have utilized the SSAE 16/18 framework to achieve SOC 2, Type 2 attestation standards. We maintain this level of review of our controls and processes on a continuous basis to ensure security, availability, processing integrity, confidentiality, and privacy. We are audited annually by an independent third party, with the audit covering internal governance, controls, and processes. It evaluates whether we have the appropriate controls and processes in place and whether they are actively functioning appropriately in accordance with related standards.
Blue Bastion and Ideal Integrations, Inc. are committed to compliance with the GDPR across our security operations center and any parts of our Security-as-a-Service offering when enforcement begins on May 25, 2018. We are currently working on the additional changes that are necessary across the business. Further updates on our progress will be communicated.