{"id":10689,"date":"2022-10-14T16:38:39","date_gmt":"2022-10-14T23:38:39","guid":{"rendered":"https:\/\/www.aerocominc.com\/info\/?p=10689"},"modified":"2023-03-17T08:31:41","modified_gmt":"2023-03-17T15:31:41","slug":"cybersecurity-risk-assessment-common-findings-access-control-management","status":"publish","type":"post","link":"https:\/\/www.aerocominc.com\/info\/cybersecurity-risk-assessment-common-findings-access-control-management\/","title":{"rendered":"Cybersecurity Risk Assessment Common Findings: Access Control Management"},"content":{"rendered":"\n<p>What are the most common findings of a Cybersecurity Risk Assessment, in terms of CIS Control 6: Access Control Management?<\/p>\n\n\n\n<p>In the video below, Mike explains the two most common findings, according to his conversations with cybersecurity engineers, performing risk assessments for businesses.<\/p>\n\n\n\n<p>Want Mike&#8217;s recommendations on the best vendors to quote for a formal assessment for your company? Click the button below and ask him today.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"mailto:askmike@aerocominc.com\"><img loading=\"lazy\" width=\"200\" height=\"100\" src=\"https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/01\/Ask-Mike.png\" rel='magnific' alt=\"Ask Mike\" class=\"wp-image-10506\"\/><\/a><\/figure><\/div>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Cybersecurity Risk Assessment Common Findings: Access Control Management\" width=\"550\" height=\"309\" src=\"https:\/\/www.youtube.com\/embed\/qZPcSxfNjps?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h3>About Mike<\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure 
class=\"alignleft size-large is-resized\"><img loading=\"lazy\" src=\"https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/06\/Mike-Smith-square-head-shot-2022-06.png\" alt=\"Mike Smith AeroCom\" class=\"wp-image-10661\" width=\"91\" height=\"91\"\/><\/figure><\/div>\n\n\n\n<p>Mike Smith has been helping companies select the best telecom, WAN, security, and cloud services since 1999. He&nbsp;founded AeroCom in 2003, and has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the&nbsp;<a href=\"http:\/\/mydigitalpublication.com\/publication\/index.php?i=68145&amp;m=&amp;l=&amp;p=53&amp;pre=&amp;ver=swf\" target=\"_blank\" rel=\"noreferrer noopener\">top 40<\/a>&nbsp;business people in tech-heavy Orange County, CA. Follow Mike&nbsp;on&nbsp;<a href=\"https:\/\/www.youtube.com\/c\/Aerocominc\" target=\"_blank\" rel=\"noreferrer noopener\">YouTube<\/a>,&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/mikesmithaerocom\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>,&nbsp;<a href=\"https:\/\/twitter.com\/MikeSmithsBrain\" target=\"_blank\" rel=\"noreferrer noopener\">Reddit<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/community.spiceworks.com\/people\/mike-aerocominccom?source=navbar-subnav\" target=\"_blank\" rel=\"noreferrer noopener\">SpiceWorks<\/a>.<\/p>\n\n\n\n<div style=\"height:13px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3>Transcript<\/h3>\n\n\n\n<p>Your company is looking into cyber security and you&#8217;re looking into maybe getting a risk assessment done, like a cyber security risk assessment, a formal assessment. But before you go down that road, you&#8217;re kind of starting to think okay, well before I have a professional come in and pick apart our network and everything, what do I need to kind of clean up? 
That might be easy for me to do that doesn&#8217;t make me look so bad, like I&#8217;m just a total rookie.<\/p>\n\n\n\n<p>So it&#8217;s definitely one of those things where I know everybody has that feeling a little bit. \u201cHey, before I pay a professional, I want to make sure I&#8217;m not paying them to tell me stuff I already know and I already know I need to handle.\u201d So I wanted to make a video series on this for the <a href=\"https:\/\/www.aerocominc.com\/info\/cybersecurity-risk-assessment-common-findings-account-management\/\" target=\"_blank\" rel=\"noreferrer noopener\">most common findings<\/a> for a formal cyber security risk assessment. So this is the sixth installment and you feel free to watch the other videos as well.<\/p>\n\n\n\n<p>But today&#8217;s video is going to be on <a href=\"https:\/\/www.cisecurity.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">CIS<\/a> control number six.<\/p>\n\n\n\n<h2>Which Cybersecurity Risk Assessment Vendors Should We Quote?<\/h2>\n\n\n\n<p>But before I get ahead of myself, just a quick plug. If you&#8217;d like my recommendations on the best vendors to quote for a formal cybersecurity risk assessment for your organization, don&#8217;t Google it, don&#8217;t start searching the internet for it. Instead, contact me, <a href=\"mailto:AskMike@aerocominc.com\" target=\"_blank\" rel=\"noreferrer noopener\">via email<\/a> or by phone (714.593.0011). I&#8217;ve been doing this for 20 years. I&#8217;m a broker for all the major companies out there and within a few questions I can tell you which vendors you should be quoting and why. So more on that at the end of the video, but just wanted to throw that out there.<\/p>\n\n\n\n<h2>Background<\/h2>\n\n\n\n<p>So <a href=\"https:\/\/www.cisecurity.org\/controls\/access-control-management\" target=\"_blank\" rel=\"noreferrer noopener\">CIS control number six, access control management<\/a>. What are the most common findings within that control of the CIS framework? 
So if you hire&#8230; What I did for this is I actually spoke to risk assessment folks, the vendors we work with on a regular basis who go in and do these formal assessments. I sat down with one of their cybersecurity engineers and I asked them to go through each control of the CIS framework and tell me what&#8217;s the most common findings that they see within each control.<\/p>\n\n\n\n<p>So then from there, I&#8217;m taking that information, I&#8217;m making this video series.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" width=\"1024\" height=\"576\" src=\"https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-1024x576.png\" alt=\"Cybersecurity Risk Assessment Common Findings - Access Control Management\" class=\"wp-image-10691\" srcset=\"https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-1024x576.png 1024w, https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-300x169.png 300w, https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-768x432.png 768w, https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-250x141.png 250w, https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2-600x338.png 600w, https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/10\/Cybersecurity-Risk-Assessment-Common-Findings-Access-Control-Management2.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<h2>SSO<\/h2>\n\n\n\n<p>So within CIS control number six, the first thing that the 
cybersecurity engineers said that they see is simple. It&#8217;s <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/single-sign-on\" target=\"_blank\" rel=\"noreferrer noopener\">SSO<\/a>, a single sign-on. A lot of companies don&#8217;t have single sign-on set up, or they only have it set up partially. So that&#8217;s a real simple one for everyone to tackle.<\/p>\n\n\n\n<h2>Old Logins<\/h2>\n\n\n\n<p>Also, the second thing that they said is the most common finding is old passwords and user names that are sitting out there that have not been disabled or decommissioned.<\/p>\n\n\n\n<p>So we all know employees come and go and when they do, you&#8217;ll want to make sure you&#8217;re going through all of your check boxes, that you&#8217;re disabling all of their accounts on everything. So obviously those are prime for picking when it comes to threat actors and hackers trying to get into this software is old accounts that haven&#8217;t been touched in a while. So just going through and disabling those accounts, that&#8217;s another common finding that they see within CIS control number six.<\/p>\n\n\n\n<h2>What\u2019s the first step?<\/h2>\n\n\n\n<p>So those are just two quick tips. I hope it was helpful. If so, don&#8217;t forget to like and subscribe to the channel. That would be a big favor to me. If you&#8217;d like my recommendation on the best vendors to quote for a formal <a href=\"https:\/\/www.aerocominc.com\/info\/cybersecurity-risk-assessment-common-findings-configuration-of-enterprise-assets-and-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">cybersecurity risk assessment<\/a>, reach out. Send me <a href=\"mailto:AskMike@aerocominc.com\" target=\"_blank\" rel=\"noreferrer noopener\">an email<\/a>, give me a call (714.593.0011). I&#8217;m happy to help. I&#8217;ve been doing this for 20 years. I can help you get to the right companies quick. 
The nice thing is the actual risk assessment vendors pay me my broker fee so you don&#8217;t have to pay me anything. So there&#8217;s no excuse not to at least reach out to me and see what I have to say and see which vendors I recommend. So I hope you like the video. If so, again, don&#8217;t forget to like and subscribe to it and I will catch you on the next one.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"mailto:askmike@aerocominc.com\"><img loading=\"lazy\" width=\"200\" height=\"100\" src=\"https:\/\/www.aerocominc.com\/info\/wp-content\/uploads\/2022\/01\/Ask-Mike.png\" rel='magnific' alt=\"Ask Mike\" class=\"wp-image-10506\"\/><\/a><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>What are the most common findings of a Cybersecurity Risk Assessment, in terms of CIS Control 6: Access Control Management? In the video below, Mike explains the two most common findings, according to his conversations with cybersecurity engineers, performing risk<span class=\"ellipsis\">&hellip;<\/span> <a href=\"https:\/\/www.aerocominc.com\/info\/cybersecurity-risk-assessment-common-findings-access-control-management\/\"><\/p>\n<div class=\"read-more\">Read more &#8250;<\/div>\n<p><!-- end of .read-more 
--><\/a><\/p>\n","protected":false},"author":10,"featured_media":10760,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_mi_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[356],"tags":[995,996,933,380],"_links":{"self":[{"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/posts\/10689"}],"collection":[{"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/comments?post=10689"}],"version-history":[{"count":0,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/posts\/10689\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/media\/10760"}],"wp:attachment":[{"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/media?parent=10689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/categories?post=10689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aerocominc.com\/info\/wp-json\/wp\/v2\/tags?post=10689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}