The UK Might Beat Us to Regulating MSPs In the US, anyone can become a managed service provider. Unfortunately, customers may think that comes with security, but usually it does not. The UK is about to create a legally binding cybersecurity framework for managed service providers. This may be the first step at forcing businesses […]
Continue reading → [DISPLAY_ACURAX_ICONS]Long before quantum computing becomes “main stream”, state actors will have access to it. In part, because they command large budgets; in part because it is important to them. Why do they care? Because, it will allow them to decrypt both communications that they intercept going forward and communications that they have intercepted in the […]
Continue reading → [DISPLAY_ACURAX_ICONS]About ten days ago Ireland’s healthcare system was forced to shut down its computers due to a ransomware attack. Ireland’s health minister said the attack was having a severe impact on the health and social services. In today’s healthcare world, having doctors and hospitals run without computers means no patient charts and a very labor […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Center for Internet Security has, for years, built a list of recommended controls and sold tools to help you manage that. The controls are very IT centered and don’t really cover governance, but the controls can be a good piece of your information security strategy. For as long as I can remember, there were […]
Continue reading → [DISPLAY_ACURAX_ICONS]As I said yesterday, some EOs are a couple of paragraphs long. This one goes on for pages. Today’s post is going to cover the section of the EO that addresses supply chain risk. Supply chain risk, as we saw in both the SolarWinds and Microsoft Exchange attacks, is a huge problem. So what does […]
Continue reading → [DISPLAY_ACURAX_ICONS]While this EO and almost all EOs only affect what executive branch agencies do, it is likely that it will have a big effect on cybersecurity in general. Here are some requirements: The government uses a lot of commercial cloud software. Current contract terms may limit what data a cloud provider is allowed to share […]
Continue reading → [DISPLAY_ACURAX_ICONS]