All Articles

The PCI DSS was created to encourage and enhance cardholder data security and facilitate the extensive adoption of consistent data security measures worldwide. This applies to all organizations that store, process, and/or transmit cardholder data.

GLBA, also known as the Financial Modernization Act of 1999, was enacted to secure protection over customer records and information. To satisfy the riles and provisions of GLBA, financial institutions are obligated to perform security risk assessments, develop and implement security solutions that detect, prevent, and allow timely incident response effectively, and to perform auditing and monitoring of their security environment.

The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents. To be complaint with 201 CMR 17.00, all affected organizations must create, implement, and maintain an auditable comprehensive written information security program, holding administration, and technical/physical safeguards.

Since IT environments can generate millions of logs daily, DoDI 8500.2 has recommendations of analyzing and reporting on log data can reduce manual or homegrown remedies that are inadequate and cost prohibitive. 

The collection, management, and analysis of log data is necessary to meet many DoDI 8500.2 guidelines. LogIT meets these recommendations directly and inexpensively. LogIT delivers log collection, archiving, and recovery across clients’ entire IT infrastructure.

NIST-CSF sets information security standards and guidelines for serious infrastructure as defined within the Executive Order 13636 from the President of the United States of America. NIST-CSF guides critical infrastructure agencies in documenting and applying controls of information technology systems that support their operations and assets. These published guidelines cover many areas involving access control, audit and accountability, incident response, and system and information integrity. All of these areas can be met with the help of log management. Each agency is responsible for implementing the minimum security necessities as outlined by NIST.

NIST 800-53 produces information security standards and guidelines for federal information systems. It guides federal agencies in documenting and implementing controls that cover access control, audit and accountability, incident response, and system and information integrity.

In the Code of Federal Regulations, Section 73.54, Title 10 it is required that the NRC licensees provide high assurance that digital computer and communication systems and networks are sufficiently protected against cyber-attacks. The NRC developed and published “Regulatory Guide 5.71” to cover many areas surrounding access control, audit and accountability, incident response, and system and information integrity.

The NEI developed and published the NEW 08-09 Rev 6 to address many areas surrounding access control, audit and accountability, incident response, and system and information integrity. This is an extension of CFR 73.54.

   Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology. 

  For a while Microsoft didn’t have significant security vulnerabilities that would attract our interest. Last week security advisory however revealed CVE-2015-2504 that requires close attention. 

   As usually Digital Edge warns the community about possible remote execution and privilege elevation vulnerabilities allowing hackers to break through the security perimeters. 

   All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

   If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET. 

   Please click here for more information.

Digital Edge provides a comprehensive comparison of Public Cloud Offering vs Traditional In-House Hosted or Collocated Virtual Infrastructures depending on the size of VM instances. Digital Edge proves that as the size of the VM increases, the efficiency of public cloud decreases and can reach a point where the cost of the public cloud can become a serious financial disadvantage.