Dyman & Associates Risk Management Projects utilizes its decades-old track record in cyber security to provide protection for your employees, intellectual property, and other precious assets. Our consultants not only have many years of experience, but are also dedicated to the regular honing of their skills and keeping current on the innovations in hacking techniques and security trends.

Critical Infrastructure Protection

Essential infrastructures produce vital benefits and services, upon which various sectors of our society depend. Our professional and experienced groups comprehend the risks to these infrastructures arising from natural and man-made calamities. While the Department of Homeland Security has identified 18 critical infrastructures resources that must be safeguarded, most of these assets are owned by the private sector.

It is critical that you have a security expert to assess your risk and create risk-reduction measures for your company. Your clients rely on this important infrastructure; therefore, it is necessary to undertake procedures to avert and properly adapt to any hazard that may adversely impact your vital resources.

According to your expectations from our company, we will undertake some or all of the steps below in order to safeguard your crucial infrastructure.

·  Evaluation: Determine the risk connected with the vital infrastructure and what is extremely significant to attaining goals and final success.

·  Analysis: Pinpoint the weaknesses, as well as their interconnection with internal or external vital resources.

·  Pre-Mitigation: Execute preventive steps and measures to reduce direct risks. This process may include physical and cyber-based expertise and resources-strengthening before an incident transpires.

·  Mitigation: Offer complete and lasting solutions to mitigate and/or remove the identified threats.

·  Implementation: Assure that the reduction strategy is being undertaken in a way that is conducive to security requirements and guidelines.

·  Incident Response: Create programs and measures to remove additional threats or the cause of an existing problem.

Winter weather has taken its toll on both sides the US and Canadian border.  One utility that has taken it in the chops from all the ice and snow has been electric companies that provide services to businesses and individuals.  Now this wasn't the only time that there have been electrical outages due to severe weather.  Power outages have become rather routine when severe weather hits.  The question is, "How much mitigation do you want to invest in to reduce the impact of outages?" See it Here…

The above is the theme from a Toronto Glob editorial, see the ice storm: Why you want the lights to go out, sometimes in the piece they call attention to the fact that you can't mitigate every risk.  The costs to do so would be too high.  Thus, the focus on risk management.

"What is risk? It is the odds of suffering a loss in the future. It is a cost. And what about the reduction or elimination of that risk? Also a cost. In deciding whether to pay the price, utilities – and all of us – end up having to weigh three factors: the size of the possible damage, the likelihood of its occurrence, and the price of mitigation." Dyman & Associates Risk Management Projects

Risk management will become a greater part of the discussion as we move forward and the warming climate starts to impact our communities in varying ways.  This will be a good discussion for communities to have.  One way to reduce risk is to disperse it in the entire community (whole community).  If individuals are better prepared than the costs for organizations can be lessened, and costs of single entity preparedness reduced.

This Article Source

IT-administratorer er i en unik posisjon i organisasjonen der sofistikerte hackere er altfor klar til å dra nytte av

Har du noen gang vurdert din IT-gruppe skal organisasjonens svakeste leddet? Det er ikke noe som krysser hodet av de fleste tech beslutningstakere, men med målrettet angripere stadig fokusere sin innsats på privilegium regnskapet, bør det være. Det kan være den største sikkerhet blindsonen du har.

Med det i tankene er her noen enkle trinn det og sikkerhet sjefer kan ta for å minimere risikoen for vellykket målrettede angrep.

Dårlige vaner

Hver publisert målrettede angrep drepe kjeden du noensinne vil se vil inneholde enten "heve rettigheter" eller "få root-tilgang". Det er en viktig fase av noen APT-tross alt, lagrer ingen mest sensitive informasjonen på servere som har tilgang til resepsjonisten.

Problemet er at IT-administratorer ikke er immune mot den samme dårlige passord ledelse trekk som resten av ansatte, så de også kan utsette organisasjonen for unødvendig risiko.

Se etter bevis passord ikke blir oppdatert regelmessig eller legitimasjon som brukes på tvers av organisasjonen. En liste over 15 beste unnskyldninger for ikke endre passord inkludert edelstener som "knapt noen bruker systemet uansett" og "det er bare brukt av en tjenestekonto". Hvis disse brukes til å rettferdiggjøre feil passord ledelsen og tilsynet er allerede heie ut dårlig praksis.

Hvis organisasjoner tillater administratorer å velge sitt eget passord, deretter styrke disse legitimasjonene er avhengige personer seg. Men ofte er det ingen corporate regler krever admin passord å være lengre og mer komplekse enn standard ansatt passord.

Så med mindre de er generert av maskinen, er det en god sjanse for at de vil være relativt enkel å dekode. Risikoen er økt Hvis administratorer bruker samme passord på deres personlige mot Internett-kontoer. Hvis bare ett av disse nettstedene er hacket og passord utsatt kan da bedriftens kronjuvelene være utsatt.

Nettsteder som LinkedIn og Facebook gir en mengde informasjon om personer og sine roller på arbeid. Det er bare et relativt lite skritt for bestemt kriminelle for å se hvis noen nylig stjålet legitimasjon match opp til en IT-admin, for eksempel.