MBS Information Security Consulting, LLC

"Making Business Sense" out of Information Security

Archived Tips


This archived tips page is organized to educate readers about, and examine, what goes into creating MBS's holistic information security management program.

For further questions, visit our Contact Us page.

I. Organizational Security

  1.     How do you deal with risk?
  2.     A company should review its information security policies and procedures annually.
  3.     Information security must be supported by executive management to be effective.
  4.     What will make companies take information security seriously?
  5.     Small and mid-sized companies need to do SOMETHING about their Cyber-security!
  6.     What is Enterprise Risk Management?
  7.     Are you protecting your company's proprietary information?
  8.     Hat #3: Ask Information Security about PCI DSS.
  9.     What does an insider threat look like?
  10.     What should you look for in an information security leader?
II. Asset Management
  1.     All information is not created equal. Does your company use a data classification system?
  2.     Companies need to inventory all computer equipment and devices (PDAs, cell phones, wireless cards, etc.).
  3.     Do you use a password on your smart phone?
  4.     What is a critical asset?
  5.     Does your company inform you on what you can and cannot do on company assets?
  6.     How do you get rid of old CDs or DVDs?
  7.     The company party in 2012 is BYOD!
III. Physical Security
  1.     What is tailgating?
  2.     What about unsupervised roaming?
  3.     What are your security cameras looking for?
  4.     What is ATM skimming?
  5.     Protecting removable media can be a mental exercise.
IV. Human Resources Security
  1.     What are your security procedures when you terminate an employee?
  2.     The six most common desk security mistakes employees make every day.
  3.     What is data leakage?
  4.     Who are your employees talking to about sensitive information?
  5.     Passwords need to change regularly and when specific incidents occur.
  6.     Announcing an Information Security Awareness Training program for end-users.
  7.     Bank of America suffers a 10 million loss from internal fraud.
  8.     If Microsoft called what would you do?
  9.     What is "war texting"?
  10.     Are you a spammer like me?
  11.     It's Black Friday, don't you dare click on that link!
  12.     The punch bowl may be spiked!
  13.     Your smart phone may be telling on you!
V. Operational Security
  1.     How does your company destroy its information systems (computers, hard drives, PDA, etc)?
  2.     What do you do about protecting paper documents?
  3.     Let's dissect your operations!
  4.     Your third party provider has the same information security obligations as your company.
  5.     An expensive case of the "separation of duties" principle.
  6.     What framework is your company using?
  7.     Hat #4: Ask the business about PCI DSS.
  8.     Are you using the FREE information security tools in your environment?
  9.     Are you betting that someone else is doing the vetting?
VI. Access Control
  1.     Does your company require the usage of complex passwords?
  2.     Having a "need to know" is important when giving access.
  3.     How can an IP address circumvent access to restricted sites?
  4.     What is social engineering?
  5.     What is a hacker?
  6.     How do you watch the people hired to watch out for you?
VII. Information Systems Maintenance
  1.     What encryption standard are you using for your wireless network?
  2.     Is Anti-Virus enough protection for your company?
  3.     How often should your company check its operating systems and software for updates?
  4.     If you use AT&T and T-Mobile you have a vulnerability.
  5.     What is DLP?
  6.     What does your name say about you?
  7.     Did you know Facebook uses facial recognition?
  8.     Beware: Hackers are after the snackers!
  9.     Hat #2: Ask IT about PCI DSS.
  10.     A "smart phone" is only as "smart" as the user.
VIII. Incident Management
  1.     Would you know if an employee committed a security breach?
  2.     Does your company have a written incident response plan in place?
  3.     How much did a data breach cost in 2010?
  4.     Is it difficult to investigate a security breach? Yes!
  5.     Who is Epsilon and what does their breach mean to you?
  6.     Does your company understand targeted attacks?
  7.     What industry is leading breaches in 2011?
IX. Business Continuity / Disaster Recovery
  1.     How often does your company back up its valuable data?
  2.     A personal story of BC/DR.
  3.     Don't create a single point of failure by over-relying on your IT staff.
  4.     So who's to blame for network security outages?
  5.     What happens if your "cloud" fails?
X. Legal and Regulatory Compliance
  1.     "I didn't know I had to do that" is NOT a legal defense!
  2.     Tax preparers must comply with the Gramm-Leach-Bliley Act!
  3.     Your social media posts can be used against you in a court of law!
  4.     Beware when disposing of prescription pill bottles!
  5.     What is the Red Flags Rule?
  6.     Is a national breach notification law needed? Yes!
  7.     Do your employees understand their confidentiality obligations?
  8.     Hat #1: Ask the attorney about PCI DSS.