Innovative Minds - On Point - One Group  

ISP Blog

This is the blog for MindPoint Group's Information Security & Privacy (ISP) division. We hope to use this to contribute to and debate ideas among the ISP community.
05
Jul
2018

Hardware Vulnerability: Understanding Spectre, Meltdown and the Price of Unchecked Modernization

By:

Firewalls, encryption, antivirus software, armed security guards, dual authentication and every other added security mechanism that exists to secure data, do so to protect data from unauthorized access. Most bugs and viruses exploit weaknesses through a lapse in software or by targeting a specific operating system. However, less than a week into 2018, a different

Read More

26
Jun
2018

Guide to Creating a Cybersecurity Challenge for Kids

By:

By:  Stephanie Carruthers and Nolan Kennedy “Right now, we’ve got about 300,000 unfilled cybersecurity positions as a nation,” said Rick Driggers, from DHS at the Cyberthreat Intelligence Forum, reported on FedScoop. Driggers goes onto ask “So what are we doing to engage K-12”? As a Cybersecurity consulting firm, MindPoint Group (MPG) deals with this industry

Read More

10
Jun
2018

Inherent Risk Tiering for Third-Party Vendor Assessments

By:

It can be a challenging and overwhelming task to adequately manage the risk associated with outsourcing technology or business processes, no matter the size or sector of the organization. This is supported by a study sponsored by the Ponemon Institute, which gathered responses from hundreds of respondents across both public and private sectors to present

Read More

09
May
2018

Conducting and Detecting Data Exfiltration

By:

Is your organization taking proactive measures to prevent a data breach?  From 2016 to 2017, the number of data breaches in the U.S. increased by 45%. According to the Identity Theft Resource Center, more than 1,500 data breach incidents occurred in 2017, of which 53% exposed social security numbers and 19% exposed credit card numbers.

Read More

03
Apr
2018

CloudFront Hijacking

By:

I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue but I think it has gone mostly unnoticed for a few reasons: CloudFront’s default behavior is not intuitive. Some standard DNS configurations can mislead users into thinking that their vulnerable domains are configured correctly.   In the

Read More