Support Login

Knowledge

Articles by tag "compliance"

11/30/2017 Newsletters

Digital Edge’s Managed Security – response to HIDDEN COBRA- North Korean Remote Administration Tool: FALLCHILL

The Digital Edge Security Team warns that HIDDEN COBRA actors have been using FALLCHILL malware to target IT infrastructures. DHS and FBI specified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a remote administration tool (RAT) used by the North Korean government—commonly known as FALLCHILL. The U.S. Government refers to malicious cyber activity by North Korea as HIDDEN COBRA. 

HIDDEN COBRA uses dual proxy technique allowing to change vector of the attack and keep the source of the attack hidden.
 
These types of activities can have severe impacts such as data loss and disruption of operation. The Digital Edge Security Team has updated its own core infrastructure to protect our clients from possible impacts of HIDDEN COBRA and advise other IT organization to use the same practice. 

Click here for more details.

8/13/2017 Newsletters

Penetration testing. Helping clients to secure their infrastructures

Recently Digital Edge security team receives lots of requirements for an external penetration testing. We help our clients to achieve their goals. Our team would not just scan networks. We would work with our clients to resolve security concerns. We do not limit clients on number of runs to make sure that all the issues are resolved and scan comes clean. Below is a testimonail from one of our happy client.
 
“Digital Edge was a referral from a colleague in the ASCII Group professional IT consultants network.  I had a client that needed to comply with downstream vendor security requirements.  Having an independent security consultant audit my client was just what we needed.  They provided a detailed report of issues and more importantly how to fix them.  I highly recommend the Digital Edge security team to decision makers that need professional security analysis for their organizations.”
 
Brian Wheeler, Owner
Resolve Technology
 
Digital Edge security team will continue to work with IT groups to assist in ensuring safty for IT infrastructures.
 
8/4/2017 Newsletters

Discover the NEW online DFS Cybersecurity Reporting Portal

On July 31, 2017, the Department of Financial Services (DFS) has launched a new online portal to securely transmit in real time all notifications required under New York’s first-in-the-nation cybersecurity regulation. If you need assistance with registration or with any or all components of this cybersecurity framework, the Digital Edge team is available to meet your compliance needs! 

“With DFS’s leading cybersecurity regulation, the DFS cyber portal will allow New York’s financial institutions to quickly, easily, and securely report cybersecurity events and file required certifications of compliance, ensuring that the necessary safeguards are in place to protect New York consumers and financial institutions as the threat of cyber-attacks continues to increase.” - Superintendent Maria Vullo, Department of Financial Services

Filings made through the DFS Web Portal are preferred to alternative filing mechanisms as the DFS Web Portal provides a paperless reporting tool to facilitate compliance with the DFS cybersecurity regulation. Learn more about the New only DFS Cybersecurity Reporting Portal here.

Let the Digital Edge Cyber Security Team ease the burden of implementing the robust NYDFS Cybersecurity Regulation. Contact our Sales Team for your free assessment and align yourself with DFS compliance today

7/17/2017 White Papers

To Do: Check List to Comply with DFS Cybersecurity Law

It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs.

The law will produce large penalties if your company is found not in compliance and Digital Edge’s Solution is here to help avoid those hefty fines.  

To Do List:

  1. Determine if you are regulated; to see how please click here.
  2. Determine if you are eligible for any of the 5 possible exemptions; to review the exceptions click here.
  3. If you are eligible for exemption, you must file the Cyber Security Notice of Exception by September 27, 2017. 
  4. Depending on your exemption category, you may still need to build a cyber security system. Click here to see how Digital Edge can help you. 
  5. By August 28, 2017, covered entities must be in compliance. 
  6. February 15, 2018, covered entities must submit first Certification of Compliance. 
     
7/7/2017 White Papers

DFS Compliance – Mandatory Cybersecurity Requirements

On March 1, 2017, the New York State Department of Financial Services’ (DFS) mandatory cybersecurity requirements for financial services entities became effective, with implementation to occur within 180 days (August 28, 2017). Let the Digital Edge Cybersecurity Team keep your business in compliance!

At a high level, the regulation requires that all covered entities:

  • Conduct a documented risk assessment
  • Establish a risk-based cybersecurity program
  • Adopt a written cybersecurity policy
  • Designate a qualified CISO
  • Implement written third-party cyber risk policies
  • Establish a written incident response plan
  • Notify the superintendent of DFS of any cybersecurity events
  • Submit an annual certification of compliance

It is critical for all regulated institutions that have not yet done so to move swiftly and urgently to adopt a cybersecurity program and for all regulated entities to be subject to minimum standards with respect to their programs.  To learn more about this mandatory compliance regulations, please read our most recent whitepaper entitled “DFS Compliance – Mandatory  Cybersecurity Regulations” 
 
Digital Edge DFS Cybersecurity Solution
 
The Digital Edge Cybersecurity Team is well-versed in the DFS regulation.  We are ready to help companies mitigate risk and ensure compliance with all aspects of the DFS regulation! Contact us today to further explore how our team can provide your business with an unparalleled cybersecurity solution, with our continued focus on Stability, Security, Efficiency and Compliance

9/20/2016 White Papers

Log Management: Related Laws and Regulations

Log management is an often overlooked function of any IT organization. On one hand it is a very simple thing, however when implemented, you may find yourself overwhelmed in a plethora of details and related problems and can inevitably lead many to just drop the implementation – with the thought – we may not need it, everything is working on its own.

In addition to a great stash of valuable information, visibility, capabilities for additional alerting, predictions, forensic and behavior analysis, log management is one of the areas of control for multiple compliance and regulatory frameworks.

Relevance to Laws and Regulations: There are multiple compliance regulations related to log management. It is the law to log and review.

HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant technical and non-technical security standards to ensure individuals’ ePHI, “electronic protected health information”.

 
Learn more
PCI DSS
The PCI DSS was created to encourage and enhance cardholder data security and facilitate the extensive adoption of consistent data security measures worldwide. This applies to all organizations that store, process, and/or transmit cardholder data.
 
Learn more
SOX
SOX requires that all publicly traded companies establish and follow a framework of internal controls that support accountability and integrity of the financial reporting process. A vital part of SOX requirements includes the collection, management, and analysis of log data.  
Learn more
ISO 27001
The ISO 27001 standard is a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving management systems information security (ISMS) within the context of the overall commercial risks of the organization.
Learn more
FISMA
FISMA requires all federal agencies to document and implement controls for information technology systems that support their operations and assets.


 
Learn more
GPG 13
HMG organizations are required to follow Protective Monitoring for HMG ICT Systems, based on Communications-Electronic Security Group’s GPG 13 to gain access to UK GCSX, Government Connect Secure Extranet.
 
Learn more
NERC CIP
NERC has its own framework to protect bulk power systems against cyber security compromises that could result in operational failures or instability.





 
Learn more
GLBA
GLBA, also known as the Financial Modernization Act of 1999, was enacted to secure protection over customer records and information.
Learn more






 
201 CMR 17.00
The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was established to protect personal information of residents of the Commonwealth of Massachusetts. This regulation applies to all organizations, companies, or persons that own or license personal information about Massachusetts residents.
 
Learn more
DoDI 8500.2
Since IT environments can generate millions of logs daily, DoDI 8500.2 has recommendations of analyzing and reporting on log data can reduce manual or homegrown remedies that are inadequate and cost prohibitive.  
Learn more
NIST-CSF
NIST-CSF sets information security standards and guidelines for serious infrastructure as defined within the Executive Order 13636 from the President of the United States of America.
 
Learn more
NIST 800-53
NIST 800-53 produces information security standards and guidelines for federal information systems.



 
Learn more
NRC RG 5.71
In the Code of Federal Regulations, Section 73.54, Title 10 it is required that the NRC licensees provide high assurance that digital computer and communication systems and networks are sufficiently protected against cyber-attacks.
Learn more
NEI 08-09 Rev 6
The NEI developed and published the NEW 08-09 Rev 6 to address many areas surrounding access control, audit and accountability, incident response, and system and information integrity. This is an extension of CFR 73.54.
 
Learn more

Digital Edge is proud to introduce our new and latest product LogIT. Log Management will allow us to assist our clients uncover the value of something that already exists, but is not visible in their information technology environment's plethora of valuable information. Digital Edge ensures that our clients will get the most out of their application, system, and security logs. Besides collecting and storing logs, LogIT will help expose the full use of logs and machine data for network protection and compliance.

Digital Edge provides enterprise ELK Log Management Solution, cloud based or on premises. We stand out from our competitors for multiple reasons – including that we do not limit retention period and we don't have restrictions for value or speed for log streams. Additionally, we customize dashboards for our clients individual needs and expose our services to clients over VPNs of private cross-connects in data centers that we support. On top of all that, Digital Edge's LogIT can provide an unparalleled solution in today's IT Landscape.

Through sensors, Digital Edge captures all possible information generated in any device, application, and security event. We ensure security by staying alert on any security alert generated by any infrastructure device or application, along with collecting valuable forensic information. LogIT also provides a combination of structured and unstructured search built on our Elasticsearch backend. Unstructured search provides a Google-like experience while our MDI fabric enables contextual search when greater precision is required. Our search builder allows you to easily realize the best of both worlds instantly.

Click the link https://www.digitaledge.net/log-management-assessment-tool/ to assess your log management needs and budget. For further information please feel free to contact us.