Kubernetes and Container Security
Our clients frequently ask us for advice on securing Kubernetes, the popular container orchestration engine.
Leviathan Security Group Offers Pre-Draft Comments on NIST SP 800-66, Implementing the HIPAA Security Rule
Leviathan submitted general comments on what Revision 2 should cover, as well as specific feedback on updates needed to the standard, which was first published in 2008. As readers will be aware, a lot has changed in that time, including the explosive growth in cloud computing and Software As a Service (“SaaS”) tools.
Common Security Certifications & Audits: A Review of Some Standard Security Certifications for SaaS Vendors
SaaS companies can demonstrate their security maturity level in a few ways, including through the use of one or more standardized security audits and certifications. While compliance is certainly not the totality of security, audits can demonstrate a certain level of organizational maturity and require evidence of some security safeguards; in other words, they show that someone is likely meeting a minimum bar of security best practices, but they do not demonstrate “unhackability” (and indeed, nothing can).
Initial Steps Towards A Risk Management Plan: Creating A Basic Risk Register
What goes into your risk register in large part depends on the risk analysis framework that your company has chosen. At a basic level, you will want to track some information about each risk and provide some way to derive an overall view of your organization’s risk profile.
Contingency Planning and Business Continuity
A robust business continuity plan requires coordination across the company and time, but there are things that you can do today to help your company in the current pandemic. A quick response crisis plan may already exist within your company.
Cybersecurity Recommendations in a Rapidly Emerging Telework Environment
Some companies, particularly those who work with sensitive health information, have traditionally relied extensively on physical security controls and enterprise firewalls in their office. With workforces scattered to their residences in recent days, many enterprise security controls are no longer operating in the same way.