Lack of Resources

The biggest problem that IT departments have nowadays is a lack of resources to deliver on their requirements. A simple solution is to hire more people, but with extremely thin and restrictive IT budgets that might not be an option. Even when you have the budget to hire someone, you will need them to have experience…

NIST 800-171 3.1.13

Employ cryptographic mechanisms to protect the confidentiality of remote access sessions. What this control is looking for is something FIPS-validated or FIPS-compliant wrapped around remote access. FIPS is described here. What this essentially means is that your encryption needs to be one of the kinds listed here.…

IT Cause Analysis Methodology

Cause analysis is often referred to as Root Cause Analysis and is the method of identifying the source of a problem. This method of discovering why something has occurred is detailed here. Root Cause Analysis varies slightly when dealing with IT-based issues. We will include IT-based thinking and methods in this document.…

NIST 800-171 3.1.12

Monitor and control remote access sessions. This control is about how endpoints connect to your network and how you deal with them. The first way is to have a VPN (Virtual Private Network) that encrypts access to your network, and since you have limited access in previous controls to authorized individuals, those people should…

NIST 800-171 3.1.11

Terminate (automatically) a user session after a defined condition. The object of this control is to end a user session after a timeout period. This can be done, again, by using the GPO (Group Policy Object) capabilities in Windows. You can also leverage your other products that have timeout features to accomplish this goal. Most…

NIST 800-171 3.1.10

Use session lock with pattern-hiding displays to prevent access/viewing of data after a period of inactivity. You can control when a screen saver will pop up with the Group Policy Object in Windows. You will need to use GPOs later, so start getting used to setting up GPOs for specific controls. You need to set…

Sales Methodology

So you think you are good at sales? Do you say you can sell fire to the Devil or ice to Eskimos? Sure, maybe you have a great personality, you shoot from the hip, and a majority of the time you have no problems getting a meeting, maybe you pitch your product, maybe potential customers…

Working Sessions

Meetings: some of us are plagued by them. We have too many back-to-back meetings in a day to accomplish anything. In some meetings your contribution is limited or very small, and in some meetings your part is the center of the entire meeting. In my personal experience and through my vast experience with attending meetings,…

NIST 800-171 3.1.7

Prevent non-privileged users from executing privileged functions and audit the execution of such functions. Here is where the separation of admin accounts and non-admin accounts helps you with this control. Don’t allow the non-admin accounts to have any access or ability to perform any commands that a privileged account will create. If you follow the…