Analecta Cyber Company Blog: June 2018


Repairing Your Reputation Following an Incident

Repairing reputation following an incident You’ve worked hard to build a name for yourself and have established a business reputation that has real value. When a cyber incident arises, the biggest cost isn’t the technical damage that occurs to your information system, but customer and client trust and confidence that can potentially be lost. How do you maintain or rebuild trust following a malicious event?


Holding a Lessons Learned After Recovery

holding a lessons learned after recovery - Analecta-LLC Graphic Holding a lessons learned after recovery - Analecta LLC Graphic There is a high likelihood that your first incident response and recovery experience will only be the beginning of a string of events throughout the course of your career. Each incident recovery will provide you and your incident response team valuable information that you can incorporate into your ever-developing recovery plan. The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) calls on organizations to incorporate lessons learned from past events into future activities, improving recovery planning and processes.


Identifying New Vulnerabilities and Implementing Mitigations

Identifying new vulnerabilities and implementing mitigation - Analecta-LLC graphic banner You’ve done the hard work of planning your security posture and implementing mitigations for risk, but eventually you will find yourself responding to an incident. Incident response can be very hectic, and you’ll want some strategies for implementing quick mitigations to 0-day vulnerabilities.


Why Have a Detection Platform if you Ignore it?

Early Warning Device - Analecta LLC
Dave Hawkins is an information systems security engineer. He is the manager and cofounder of Analecta Cybera Maryland-based cybersecurity firm providing cyber risk assessments for small and medium sized businesses.

By: Dave Hawkins, Analecta Cyber

I met a friend for lunch recently. He owns a financial services company operating in Baltimore, Maryland over the last several decades. The discussion turned to new cybersecurity regulatory requirements in one of his geographical markets. As we discussed the pros and cons of government legislation on business-based cybersecurity, I mentioned that many small and medium-sized businesses will take the time to purchase Network Intrusion Detection Systems (NIDS) or host-based Intrusion Protection Systems (IPS), but typically don’t do anything when an alert or warning is generated. He was shocked. “Why even have the system if you’re not going to use it to track things down?”