
Why seeing a star on your driver’s license is a good thing

Friday, August 23, 2019

I remember in elementary school those little gold, silver, red, green and blue foil star stickers the teacher would put at the top of my paper, each color reflecting my grade: gold for the perfect score of 100; silver for 90s; blue for 80s; and green for 70s. If I saw a red star, just forget it, because that meant redoing the whole assignment, usually DURING recess, or when I got home from school DURING my favorite TV shows — Woody Woodpecker, Tom & Jerry and Heathcliff.

Let’s see if you pass the star test or if you’ll be caught at your local Department of Motor Vehicles during your recess, what we adults commonly call our lunch break! Take out your driver’s license. Does it have a black or gold star on it? If so, you passed and your lunch break is safe. If not, looks like a trip to your state’s Department of Motor Vehicles (DMV) is in your future if you plan on using your driver’s license to fly. 

Back in 2005, Congress passed the Real ID Act, designed to ensure that people boarding a flight or entering a federal building are exactly who they claim to be in all U.S. states and territories including Puerto Rico, Guam, Northern Mariana Islands and U.S. Virgin Islands. Now, 14 years later, all states and territories are compliant or have an extension (Maine, New Jersey, Oklahoma and Oregon are extended until Oct. 10, 2019) and are awaiting each and every citizen over the age of 18 to pay a visit to their local DMVs. 

Technically you have until October 1, 2020 to get your star, but as busy security professionals, 13 months will pass faster than a hot knife through butter! (That’s Texan for “quickly.”)  So, here are some strategies and tips to make the process as painless as possible: 

Decide if you even need a Real ID. If you want to fly with only your state-issued ID, don’t have a passport or other TSA-approved ID, or need to visit a secure federal facility, such as a military base, then yes, you do need a Real ID.

If you only need your state-issued ID for identification purposes, don’t mind bringing a TSA-approved ID, like a passport, starting October 1, 2020, or are under age 18, then no, you do NOT need a Real ID. 

Physically go to a DMV office. Be sure to bring along identification documents such as a birth certificate and passport. Some states are requiring up to four pieces of identification, so be sure to check your state’s requirements BEFORE standing in that long line, finally arriving at the clerk’s desk after a five-hour wait (that’s the typical wait time in Texas) just to be turned away to go back home, retrieve said documents and then wait another five hours in line! (As “they” say, “Everything’s bigger in Texas;” I guess that includes these lines, too!)

  • Tip #1: To be on the safe side, at the very least, bring proof of identity, social security number and residency, proof of name change (if applicable) and of course, money (a fee is involved).
  • Tip #2: I would suggest bringing cash and/or check in case your DMV doesn’t accept credit cards or charges a fee. It looks like North Carolina is the cheapest at $13.00 and Massachusetts is the highest at $85.00. Check your particular state’s DMV website for the fee schedule. 
  • Tip #3: If your state allows it, make an appointment to visit your DMV. This will cut back on wait time and frustration. 

 

I wish you well on your endeavor to obtain your star!

 

 

Is in-home delivery driving security spending?

Friday, August 23, 2019

Anyone who has fallen victim to the dreaded “porch pirates” can understand why the current smart home trend of in-home delivery of packages continues to catch on. Nothing sucks more than having video footage — from a video doorbell or camera — of someone grabbing your goods off your stoop and having no power to do anything about it. 

It is this convergence of technology and convenience that is driving interest in, and spending on, security. In fact, nearly half of consumers who currently own or intend to buy a smart door lock, a smart garage door opener or video doorbell value the ability to remotely allow Amazon package deliveries, according to new research from Parks Associates, an internationally recognized market research and consulting company specializing in emerging consumer technology products and services.

“Battle for the Front Door: The Access Control Ecosystem” reports that one-third of owners or future buyers rate this capability as very valuable, with 37 percent of smart access control device owners or intenders willing to pay up to $1.98 per package for delivery inside their home or garage.

“The growth of online shopping from sites like Amazon and Walmart has led to an increasing problem of package theft but has also created a new use case for the smart home,” Chris O’Dell, research associate, Parks Associates, said in the announcement. “As consumers increasingly rely on home package delivery, and look for ways to make this process more secure, they have a greater awareness of access control devices like video doorbells, smart door locks and smart garage door openers.”

The prospect of package theft creates opportunity for smart home device manufacturers and service providers to boost consumer confidence by guaranteeing safe package delivery with in-home and in-garage delivery services. Amazon’s 2019 partnership with Chamberlain highlights this potential. Among consumers who own or plan to buy a smart door lock, a smart garage door opener or video doorbell, 43 percent find the ability for FedEx or UPS to perform in-garage delivery to be valuable.

“Enabling home services will ultimately drive adoption of access control devices by expanding their value to consumers,” O’Dell said. “Traditional garage door openers typically have a lifecycle of 10 or more years, so companies need a strong and unique value proposition with smart garage door openers in order to expedite growth in the market. The promise of safe package delivery, combined with partnerships that incent purchase and ease installation concerns, can be that driver.”

Found in the report is an assessment of the access control ecosystem, profiles of key players in each device category and evaluations of home services strategies. It also includes five-year forecasts of smart door lock, video doorbell and smart garage door opener adoption. For example, one-quarter of U.S. broadband households plan to purchase a video doorbell in the next year.

SIA provides analysis of rules related to NDAA

Wednesday, August 21, 2019

If you’re part of the security industry, there’s little doubt you’ve heard about the Federal Acquisition Regulation (FAR) rule announced last week that started the ball rolling on the prohibition to procure certain Chinese telecommunications and video surveillance equipment. The key word here is “certain,” meaning not all equipment is part of the rule, and security contractors are left scrambling trying to figure out exactly what to do.

The Security Industry Association (SIA) jumped into action and released a preliminary analysis of the rule that focuses specifically on the video surveillance equipment and services covered. SIA also stated that they will update the analysis with additional insight and information as needed, and the association will host a webinar tomorrow, August 22 at 1pm ET to brief members on its analysis of the NDAA prohibition and acquisition rules.

According to SIA’s analysis, security contractors need to understand the following:

Remember the effective date, August 13, 2019. Why is this so important? Because all solicitations, contracts and contract awards issued on or after this date will include clauses prohibiting procurement of covered equipment and services.

Disclosure requirements for new contracts. Beginning on the effective date, all offerors must provide self-certification as to whether ANY of their offerings to the federal government include covered equipment or services. This also extends to subcontractors.

Reporting requirements. Beginning on the effective date, contractors and subcontractors are required to report any covered equipment, system or services provided and discovered during contract performance within one day of discovery. In addition, within 10 days, the contractor must explain mitigation actions taken or recommended.

Scope of prohibition. Extends to purchases below the minimum purchasing threshold (up to $10,000 in 2019), regardless of the commercial-off-the-shelf (COTS) waiver.

Government-only waivers. Contractors and companies cannot obtain waivers; they are only available for government entities.

Tailored approach to collected information. GSA has issued its tailored implementation rules.

For more detailed information about NDAA and FAR, including answers to frequently asked questions relating to the ban, please check out SIA’s full analysis here, and attend SIA’s webinar.

5 important facts you need to know about the Texas-based ransomware attacks

Wednesday, August 21, 2019

Whoever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves.

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here are 5 important facts you need to know about these attacks:

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion to Borger. They, too, are unable to process utility payments via credit card. Keene Mayor Gary Heinrich told NPR that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities.

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, which has been dubbed a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 

Discovered at DEFCON 27: automated license plate readers (ALPRs) being hoodwinked by clothing

Wednesday, August 14, 2019

It seems Joe Public is shouting “privacy here, privacy there, privacy everywhere,” as people are pushing back against certain technologies that could, or people believe could, misidentify them and track, monitor and record their actions, or be the catalyst to their personal information and identity being stolen.

It’s a double-edged sword really; people want to use the technology to ensure safety and security, but at the same time, they want no interference with their privacy. It’s all or nothing. Unfortunately, we aren’t at a point with technology where “good” people are automatically excluded from the “bad.” However, one solution to protect privacy presented itself about a week ago at none other than DEFCON 27.

As over 25,000 security professionals and researchers, federal government employees, lawyers, journalists, and of course, hackers with an interest in anything and everything that can be hacked descended on Las Vegas’ Paris, Bally’s, Flamingo and Planet Hollywood Convention Centers, professional ethical hacker and now, fashion designer, Kate Rose, debuted her weapon of choice against ALPRs and surveillance — t-shirts, hoodies, jackets, dresses and skirts. 

Known as Adversarial Fashion, each garment is purposely designed to trigger ALPRs and inject data rubbish into systems used by states and their contractors, believed by some to monitor and track civilians. Rose tested a series of modified license plate images with commercial ALPR APIs and created fabric patterns that read into LPRs as if they are authentic license plates. Priced at no more than 50 bucks, tops, you too can now fool ALPRs with your clothes!

Don’t feel like shelling out your hard-earned money? Not to worry! Rose lists all the resources needed to make your own computer vision-triggering fashion and fabric designs on her site, along with a hyperlinked list of libraries and APIs, image editing tools, color palette extraction tools and textile pattern tutorials. In addition, slides from her DEFCON 27 Crypto and Privacy Village talk, “Sartorial Hacking to Combat Surveillance,” offer the following how-to guide for designing your own anti-surveillance clothes:

  1. Choose a recognition system and experiment with design constraints, starting with high confidence images.
  2. Test tolerances by making slight modifications to source images. 
  3. Make notes of “cue” attributes that affect confidence scores. 
  4. Plot enough images to determine what seems to work. 
  5. Use images that work to design a pattern and digitally print it onto fabric. 

I’m not too sure if this is a 5-step method to early retirement, but I can say people are demanding privacy and obviously, being very creative in their fight for it. 

 

Regulation implementing NDAA procurement ban announced

Wednesday, August 14, 2019

On Tuesday, Aug. 13, the Federal Acquisition Regulation (FAR) rule implementing the first subsection of the procurement prohibition on certain Chinese telecommunications and video surveillance equipment was announced.

Notably, the rule covers only the provision of the fiscal year 2019 National Defense Authorization Act (NDAA) Section 889 set to go into effect one year following enactment — subsection (a)(1)(A) relating to direct government procurement of covered equipment and services. The remaining provisions of Section 889 (including applicability to the use of federal grant funds) are scheduled to go into effect in August 2020.

While the Security Industry Association (SIA) is working to provide members with a preliminary analysis of the rule as quickly as possible, these rules and contract clauses added to the FAR should be carefully reviewed by suppliers of video surveillance equipment to the government.

The rule prohibits federal agencies from buying “covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system” from designated Chinese entities, including:

•    Telecommunications equipment produced by Huawei or ZTE and their affiliates;
•    Video surveillance and telecommunications equipment produced by Hytera Communications Corporation (Hytera), Hangzhou Hikvision Digital Technology Company (Hikvision), Zhejiang Dahua Technology Co., Ltd. (Dahua) or their affiliates for the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure and other national security purposes;
•    Telecommunications or video surveillance services provided by any of these entities or using any such equipment; and
•    Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the Chinese government.

In a comprehensive analysis of the interim rule, Morrison & Foerster said, “DoD, GSA and NASA are working to update the online System for Award Management (SAM) to allow contractors to represent annually whether they sell covered equipment or services. Only contractors that provide an affirmative representation in SAM will be required to provide offer-by-offer disclosures in their proposals for contracts or task orders. This option is not available yet, so contractors should expect to see the representation incorporated into solicitations starting August 13.

“The second clause — FAR 52.204-25 — incorporates Section 889’s prohibitions and definitions into the contract and also imposes a significant reporting requirement on the contractor. The reporting requirement obligates the contractor to report through DIBNet if it identifies any activity prohibited by the rule during contract performance. Contractors must do so within one business day of identifying the activity, and then follow up within 10 business days with any additional information about mitigation actions undertaken or recommended.”

Morrison & Foerster also pointed out that by October 14, 2019, the Secretary of Commerce “must issue new restrictions implementing the May Executive Order declaring a national emergency over the influx of telecommunications technology developed by ‘foreign adversaries’ and entities controlled by them. Implementing regulations will identify covered entities and transactions, almost certainly targeting entities like Huawei and ZTE,” Morrison & Foerster analysts opined.

Stay tuned for more on this topic.

Will drones take off within security?

Wednesday, August 7, 2019

The role of robotics within security continues to increase, as the technology can act as a force multiplier and expand the scope and effectiveness of security around and within a perimeter, including everything from small to expansive areas. Drones, for example, have come a long way in just a couple of years, and are starting to be used in commercial and industrial scenarios, as well as in and around the home.

With drone technology advancing at a fast rate, FAA regulations loosening, and more accessible off-the-shelf solutions available, we may be at a turning point when it comes to increased adoption of drones within security, according to a recent whitepaper, Drones in Security & Surveillance, by FlytBase, an enterprise drone automation company.

“The physical security market is primed for drone automation and scaling — the time, cost and safety benefits of autonomous drone fleets can create significant business value for this industry,” FlytBase CEO Nitin Gupta, said in the announcement of the white paper. “Drone patrols will augment human guards and enable security agencies, risk managers, security directors, system integrators and other stakeholders to make faster, better decisions for real-time incident response, remote security operations, event management, disaster response and more.”

The ability to deploy in a multitude of 24/7 security and surveillance use-cases is helping to drive increased demand and adoption of unmanned aerial vehicles (UAVs), said FlytBase, noting that UAVs address many user/customer pain points, including:
     •    High turnover of security guards;
     •    Operations at night and in hostile scenarios;
     •    Surveillance of hard-to-reach locations;
     •    Liabilities associated with human and helicopter patrols;
     •    CCTV blind spots; and
     •    Need for real-time situational awareness in emergencies, etc.

“The time for aerial security is now ripe because the prosumer drone market has matured so rapidly in the last few years that commercial-off-the-shelf drones can be used commercially, instead of (expensive, monolithic, low reliability) custom drones, in all but the most demanding security and surveillance use-cases,” according to the white paper. “The physical security market is one of the most compelling target segments for the commercial drone industry. As automation technology is adopted for industrial and commercial security, drone fleets will play a central role, given that they can be deployed autonomously, at scale.” 

The two obvious obstacles for driving broad adoption of drones in aerial security use-cases tended to be:
     •    Hardware (battery life, sensor quality, flight stability, etc.); and
     •    Regulation (especially for beyond visual-line-of-sight i.e. BVLOS operations)

However, these are now turning into enablers, with the emergence of:
     •    Reliable, off-the-shelf drones that are affordable and programmable; and
     •    FAA integrated pilot programs, EVLOS relaxations, Part 107 certifications and UAS Remote ID.

As UAV regulations mature, security agencies in particular are expected to rapidly adopt drones to substantially reduce their operating costs, improve perimeter coverage and awareness, and to minimize occupational, health and safety risks to human guards. Despite a variety of relevant use-cases, the enterprise adoption of drones in this sector remains at the proof-of-concept and pilot stage; for production deployments to become widespread, three enablers are needed:

     1.    Drone-in-a-box hardware that is cost-effective and yet reliable;
     2.    SaaS solutions that automate drones, are scalable and yet hardware-agnostic; and
     3.    Integrated offerings that require low investment, & hence pay back in < 1 year.

“For VLOS and EVLOS security operations, the drone-in-a-box requirement is less critical,” the white paper noted. “Thus, security agencies, domain consultants, drone system integrators, managed service providers and end users can all get started with off-the-shelf, prosumer-grade drones and existing SaaS offerings, and eventually add docking stations and charging pads to their autonomous drone security operations.”

Click here for the complete white paper.

Is banning biometrics the answer to safety and security in public housing?

Wednesday, August 7, 2019

Some people are calling it “social control,” some believe it’s exploiting the poor; others are saying it will “criminalize and marginalize” residents, while Congresswoman Ayanna Pressley mentions “rampant biases” especially with “women and people of color.” Sounds like “it” should be banned, right? Well, what if I told you I am talking about facial recognition biometric technology? Would that influence your decision to ban or not to ban this technology?

For the first time ever, a piece of proposed federal legislation addresses limits on biometric technology and tenants of public housing — the No Biometric Barriers to Housing Act of 2019, introduced by Congressional Democratic lawmakers Yvette Clarke from New York, Ayanna Pressley from Massachusetts and Rashida Tlaib from Michigan.

Here’s what the legislation would do: prohibit the use of biometric recognition technology in most public and assisted housing units funded by the Department of Housing and Urban Development (HUD) and require the department to submit a report to Congress. Required in the report would be the following:

  • Any known use of facial recognition technologies in public housing units
  • Impact of emerging technologies on tenants
  • Purpose of installing this technology in units
  • Demographic information of tenants
  • Impact of emerging technologies on vulnerable communities in public housing, including tenant privacy, civil rights and fair housing.

Several organizations support this legislation including:

  • NAACP;
  • The National Housing Law Project;
  • National Low Income Housing Coalition; 
  • National Action Network;
  • Color of Change; and
  • The Project On Government Oversight (POGO), a nonpartisan, independent watchdog that investigates and exposes waste, corruption, abuse of power and when the government fails to serve the public or silences those who report wrongdoing.

POGO went so far as to pen a letter to the Congresswomen, citing that facial recognition systems have “registered false matches over 90 percent of the time in multiple law enforcement pilot initiatives,” and that Massachusetts Institute of Technology researchers, the American Civil Liberties Union and an FBI expert found “facial recognition technology is less effective in properly identifying women and people of color, raising civil rights concerns.”

Thus far, this legislation would only affect HUD housing; however, it could very easily trickle into other landlord/tenant situations as the hot topic surrounding public security seems to revolve around privacy.

Industry confidence skyrockets, SIA reports

Wednesday, July 31, 2019

Security industry confidence continues to rise with the summer temps, according to The Security Industry Association’s latest Security Market Index, a bimonthly measure and outlook for the security industry.

While confidence in the state of the market had already seen a bump in May with a Security Market Index (SMI) of 63, up from the March SMI of 60, hopes are even higher this month with a July 2019 SMI of 71, SIA reported, noting that any Index above 50 indicates that conditions within the industry are largely positive and that security industry professionals are predominantly confident in their business outlooks.

Special focuses of the July 2019 SMI include:
•    A continuously climbing SMI for security consultants;
•    Despite other sectors' increases, a dip in confidence for the video surveillance SMI;
•    Integrators increasing spending amid decreases in overall confidence in business conditions; and
•    Expected security spending increases in government and education.

For its July SMI, SIA found that 48 percent of security professionals rated current business conditions as “excellent,” and 45 percent said they were “good.” Only 7 percent said conditions were “average,” and no Security Market Index respondents considered current conditions to be “fair” or “poor.” In May 2019, 49 percent of respondents said conditions were “excellent,” and 38 percent rated conditions as “good.” Eight percent said conditions were “average,” 5 percent rated conditions as “fair” and no Security Market Index respondents rated conditions as “poor.”

SIA noted that multiple respondents said that there is a strong demand from customers for security system upgrades, as well as new installations, while others pointed out the strong acquisition activity currently happening within the security market. And while the responses were mostly positive, some pointed out what they see as current issues in the industry. “While the economy appears strong, we’re seeing a lot of pressure to cut prices,” said a respondent working in the access control sector, who rated current business conditions as “good.” One respondent who works as an engineer in the industry rated current business conditions as “good,” but expressed worry over the U.S. president’s relations with Europe, saying, “Unnecessary business risk results.”

While numbers remained steady in most key factors (new orders; product/service sales; new product intro; and capital equip spend) this July, SIA found that the percentage of respondents who said they plan on increasing their number of employees or hours worked jumped to 76 percent, when only 56 percent said so in May.

Within the next three months, 90 percent of security professionals believe business conditions will be either “much better” or “a little better,” SIA found, with 10 percent expecting no change to business conditions, and zero Security Market Index respondents expecting conditions to be worse. This is slightly more optimistic than in May, when 87 percent expected improved conditions within three months.

When SIA asked which vertical market they think has the most potential for increased security spending in the next five years, many respondents to the July SMI answered government and education, with 24 percent answering government, and 21 percent answering education. Other answers included healthcare (17 percent), cannabis (10 percent), office buildings (7 percent) and energy (3 percent).
  
In regard to increased government business, SIA referenced a Dec. 2018 U.S. Government Accountability Office (GAO) report, Federal Building Security: Actions Needed to Help Achieve Vision for Secure, Interoperable Physical Access Control, which pointed out the need for improved security in government buildings and a government-wide approach to regulate access to controlled areas in federal buildings using access control systems such as card readers.   

“Implementation of physical access control systems at federal agencies represents a significant federal investment,” stated the report. “For example, over the next five years the Transportation Security Agency plans to spend about $73 million to implement physical access control systems . . . In addition, according to GSA officials, GSA has spent millions of dollars to test these systems.”   

School security has also proven to be a booming market for the security industry, with bills requiring security spending in schools and grants for security systems in schools being introduced at a rapid rate, SIA reported.  The education sector of the market for security equipment spending and services reached $2.7 billion in revenue in 2017, according to a 2018 report from IHS Markit, School Security Systems Industry – U.S. Market Overview. The market is expected to grow an average of 1 percent annually, reaching $2.8 billion by 2021. However, the report warns that since so much progress has been made in securing schools over recent years, security spending may actually slow in the market.

For the full Security Market Index, including a breakdown by segment, click here.

How to assess your company’s cybersecurity risk

Wednesday, July 31, 2019

It finally happened. Temps reached into the 100s in Dallas as Cyber:Secured Forum helped some security professionals stay cool inside The Westin Dallas Park Central while learning actionable takeaways and best practices related to maintaining and improving cybersecurity of security systems and solutions. While I gather my thoughts to bring you a detailed rendition of the past two days, now would be a great time to do a cybersecurity risk assessment on your system. 

Here are my “4 Preliminaries” (4Ps) to help you get started on your assessment:

  1. Perspective. Make a list of all information stored on your computer, online, in different apps and in the cloud, for example, work documents, apps, music, passwords, pictures, videos of your family, banking and credit card credentials, etc. Physically seeing how much precious data you have should be a wakeup call to protect it against cyber threats and attacks.
  2. Passwords. Make a list of all online accounts and their login credentials. 
  3. Peruse. Look through the list and carefully think about the value of each type of stored data. If it would be detrimental if anyone gained access or a particular piece of data or online account was lost, deleted or leaked online, put a star by it or highlight it.
  4. Posture. Take a position of defense against cyberattacks, cybercriminals and cyberthreats. To start, make sure all the passwords on your list are strong to prevent access to your data. Each account needs a DIFFERENT, robust password of 12 or more characters drawn from the following: upper- and lower-case letters, numbers and symbols, in various combinations and locations within the password.

Once you’ve completed the 4Ps, google the phrase “cybersecurity risk assessment checklist.” This tool is available for free from different organizations and businesses. Choose the checklist that resonates most closely with your business, or take bits and pieces of a variety of checklists to create a custom list. Then, using the information you’ve already gathered from the 4Ps, get started answering the questions. You’ll be well on your way to learning exactly where your company is postured for cybersecurity as well as areas that need improvement. 

 
