
Thycotic’s CyberSecurity Publication


Posts Tagged ‘Compliance and Reporting’

Cyber Security Incident Response and Reporting Process

March 19th, 2019

Ever since we launched our customizable cyber security incident response template, I’ve been amazed by its volume of downloads. I quickly realized that the increasing cyber threats from criminal hackers, malware and ransomware are starting to be taken seriously by organizations large and small, and that there is a growing demand for guidance and information…


Complete Guide to Leveraging Session Recording to Improve Accountability and Meet PCI Compliance

March 5th, 2019

You’ve set up policies. You’ve trained your team. You’ve vetted third parties. But, even the most proactive privilege security strategy can’t account for every situation and every type of risky behavior. Today many Thycotic customers rely on session recording and monitoring capabilities for added peace of mind. If any privileged user adds a backdoor account or makes an unauthorized configuration change,…


Privileged Access Management Compliance Through the Eyes of an Auditor

January 8th, 2019

Compliance audits are a stressful, time-consuming effort for many companies. In the Lockdown blog, we often talk about the tools and processes customers use to prepare for both internal and external information security audits. This time we thought we’d turn the tables and speak directly to an auditor to hear his perspective. In this post, auditor…


Seven Signs It’s Time to Move On from GPO-Only Privilege Management

September 11th, 2018

Many organizations gravitate towards Group Policy Objects (GPO) for privilege management because it offers enough functionality to get started managing privileges. Yet, as your needs evolve, you may find that you require a privilege management system better suited to a maturing, sophisticated organization. What are some of the warning signs that you need more than…


Gartner: Privileged Access Management is the #1 Cyber Security Priority for 2018

June 11th, 2018

A recent report from Gartner reveals the top IT Security Projects for 2018 with: Privileged Access Management as number 1, Application Control as number 44, Protecting Endpoints as number 6. Before we get into why Privileged Access Management (PAM) is the number 1 Cyber Security Priority in 2018, let’s take a quick look at what…


Seven reports you can share with auditors and execs to demonstrate proactive privilege management

May 8th, 2018

All major compliance bodies recommend or require a least privilege policy to protect sensitive data. Removing local administrative access on user workstations is a fundamental strategy for endpoint security to protect against both internal and external threats. Auditors will see that you have implemented a proactive security strategy to prevent malicious activity and accidental data…


The EU GDPR Checklist: It’s go time!

March 13th, 2018

Yes, you’ve all heard about it. Many companies have been raising the alarm and increasing awareness about GDPR—General Data Protection Regulation—for months now, all offering solutions for anything at all to do with GDPR. It’s caused a lot of confusion, raised many questions—and organizations have no idea where to start. Many assume they are excluded…


EU GDPR Compliance Checklist: Are You Prepared?

March 6th, 2018

As the deadline for compliance with the EU General Data Protection Regulation (EU GDPR) rapidly approaches, some security companies are offering ‘silver bullets’ to solve anything and everything to do with the new requirements. “Step right up folks, all you need to do is install this one box and your problems are solved.” If only…


MSPs at Risk: You are at serious risk if you are not properly managing your clients’ credentials

December 20th, 2017

I ask MSPs: How secure are the clients’ passwords you manage today? As an MSP you must meet special security needs because you hold critical privileged passwords, not only for your own organization, but for your clients as well. Do you have an accurate answer for these questions, or are there some unknowns in your organization?…


NYS DFS 23 NYCRR PART 500: What is it and when is the compliance deadline?

November 9th, 2017

What is DFS 23 NYCRR PART 500? 23 NYCRR PART 500 is a regulation that establishes cybersecurity requirements for financial services companies. The concept of cybersecurity is nothing new, and regulations or compliance mandates around cybersecurity are nothing new either. At its core, cybersecurity is all about protecting your organization’s data and network from malicious…