All Articles
Log Management Compliance - 201 CMR 17.00
The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect the personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents. To be compliant with 201 CMR 17.00, all affected organizations must create, implement, and maintain an auditable, comprehensive written information security program containing administrative, technical, and physical safeguards.
Log Management Compliance - DoDI 8500.2 - Department of Defense Instruction
Since IT environments can generate millions of logs daily, following the DoDI 8500.2 recommendations for analyzing and reporting on log data can reduce reliance on manual or homegrown remedies that are inadequate and cost-prohibitive.
The collection, management, and analysis of log data are necessary to meet many DoDI 8500.2 guidelines. LogIT meets these recommendations directly and inexpensively. LogIT delivers log collection, archiving, and recovery across clients’ entire IT infrastructure.
Log Management Compliance - NIST-CSF - The National Institute of Standards and Technology Cyber Security Framework
NIST-CSF sets information security standards and guidelines for critical infrastructure as defined in Executive Order 13636 from the President of the United States of America. NIST-CSF guides critical infrastructure agencies in documenting and applying controls for the information technology systems that support their operations and assets. These published guidelines cover many areas involving access control, audit and accountability, incident response, and system and information integrity. All of these areas can be met with the help of log management. Each agency is responsible for implementing the minimum security requirements as outlined by NIST.
Log Management Compliance - NIST 800-53 - National Institute of Standards and Technology Special Publication
NIST 800-53 produces information security standards and guidelines for federal information systems. It guides federal agencies in documenting and implementing controls that cover access control, audit and accountability, incident response, and system and information integrity.
Log Management Compliance - NRC RG 5.71 - Nuclear Regulatory Commission
Title 10, Section 73.54 of the Code of Federal Regulations requires NRC licensees to provide high assurance that digital computer and communication systems and networks are sufficiently protected against cyber-attacks. The NRC developed and published “Regulatory Guide 5.71” to cover many areas surrounding access control, audit and accountability, incident response, and system and information integrity.
Log Management Compliance - NEI 08-09 Rev 6 - Nuclear Energy Institute
The NEI developed and published NEI 08-09 Rev 6 to address many areas surrounding access control, audit and accountability, incident response, and system and information integrity. This is an extension of CFR 73.54.
.NET elevation of privileges vulnerability
Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.
For a while, Microsoft didn’t have significant security vulnerabilities that would attract our interest. Last week’s security advisory, however, revealed CVE-2015-2504, which requires close attention.
As usual, Digital Edge warns the community about possible remote execution and privilege elevation vulnerabilities that allow hackers to break through security perimeters.
All Digital Edge managed or co-managed clients will be patched according to individual schedules.
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET.
Efficiency Analysis of AWS Offering Vs. Private/Hybrid Implementations or Traditional Colo
Digital Edge provides a comprehensive comparison of Public Cloud Offering vs Traditional In-House Hosted or Collocated Virtual Infrastructures depending on the size of VM instances. Digital Edge proves that as the size of the VM increases, the efficiency of public cloud decreases and can reach a point where the cost of the public cloud can become a serious financial disadvantage.
Microsoft HTTP.sys Vulnerability in RDP Could Allow Remote Code Execution
On Tuesday, July 14, 2015, Microsoft issued new Security Bulletin MS15-067 which is marked critical.
The Digital Edge Security Team has analyzed the reported details, and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can potentially be very dangerous. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.
Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Johnsen at djohnsen@digitaledge.net
For more information and Digital Edge’s recommendations go here.
VENOM security vulnerability – possible threat to datacenters
On Wednesday, May 13, 2015, a new vulnerability, assigned CVE-2015-3456, was published. News agencies broke the news, stating that datacenters are vulnerable and at risk at their core:
“A security research firm is warning that a new bug could allow a hacker to take over vast portions of a datacenter -- from within.” ZDNet (May 13, 2015).
1. Digital Edge does not run vulnerable virtualization platforms.
2. Digital Edge has a small portion of clients running vulnerable platforms. The Digital Edge security team will be contacting such clients on an individual basis.
If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net
Click here to read Digital Edge’s risk assessment for this vulnerability.