Innovative Minds - On Point - One Group  

ISP Blog

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
17 May 2019

MindPoint Group Named One of Washington Business Journal’s 2019 Best Places to Work

When we started MindPoint Group over 10 years ago, the executive team recognized that the key to success lay in our ability to recruit and retain employees. In short, it was all about the people. Our focus was on collaboration, strength, knowledge, and diversity. We treat people with kindness and respect, holding each other accountable. 

15 May 2019

Even with automation, security baselines like STIG or CIS remain a challenge to manage. But there is hope.

Ever ask a sysadmin what they find most tedious about their job? If they’re being honest, keeping up with security patching and compliance causes the most headaches. Surprised? You shouldn’t be. Patching continues to be a labor-intensive job with dire consequences for misconfigurations that could down a system or expose parts of the environment to

07 May 2019

Succeeding with FedRAMP: Continuous Monitoring

Introduction: So, you’ve received your FedRAMP authorization, either through the Agency ATO or the JAB P-ATO process. Now what? Unlike other programs, a Cloud Service Provider (CSP) can’t just sit back and relax; there is still a lot of work to be done to maintain that FedRAMP Authorization. In fact, it can be a daunting task in and

28 Mar 2019

Using CSPs to Reduce Front-End Attack Vectors

What is a CSP? CSP is an acronym for Content Security Policy. It can be used as a whitelist of what the browser can and can’t do with a web app or website. A CSP can help prevent content injection vulnerabilities like Cross Site Scripting (XSS) and can be used to mitigate interception attacks like

13 Mar 2019

XXE Vulnerability in BlackBerry AtHoc (Networked Crisis Communication) Platform

Recently I had the opportunity to test an installation of AtHoc – BlackBerry’s emergency notification system. During the course of the test, I discovered an XML External Entity (XXE) vulnerability in BlackBerry AtHoc 7.6.0 affecting the Delivery Template feature used to customize emergency notification messages and demonstrated how an authenticated attacker could read files off
