In early March, Microsoft reported a large, coordinated attack that exploited critical vulnerabilities in Exchange Server 2010, 2013, 2016 and 2019 in an attempt to exfiltrate credentials and other sensitive information from organizations’ mailboxes. Microsoft attributed this attack to a sophisticated Chinese group code-named HAFNIUM. The first detected attempts date back to January 2021.

IT teams rely on Active Directory (AD) to keep networks secure and maintain user accounts — but they often need to adhere to strict budget limitations when it comes to selecting software to help. That’s why we’ve put together this list of the top free Active Directory management tools. Our picks focus on AD tools that will help you complete routine AD management tasks much faster so your team has time to focus on other priorities.

The NIST 800-53 standard offers solid guidance for how organizations should select and maintain customized security and privacy controls for their information systems. NIST SP 800-53 Revision 5 is one of many compliance documents you need to familiarize yourself with if you are working with information technology. This post breaks it down for you into digestible pieces that emphasize the standard’s practical meaning and application.

Organizations often create multiple IT policies for a variety of needs: disaster recovery, data classification, data privacy, risk assessment, risk management and so on. These documents are often interconnected and provide a framework for the company to set values to guide decision-making and responses. Organizations also need an information security policy. This type of policy provides controls and procedures that help ensure that employees will work with IT assets appropriately.

Conducting a data protection impact assessment (DPIA) or privacy impact assessment (PIA) is a complex and challenging task. Nevertheless, it’s critical to do. Data privacy concerns have become a significant focus across all industries, and for good reason: data is at higher risk than ever before. In its 2020 Q3 Data Breach QuickView Report, Risk Based Security revealed that 36 billion records were exposed during the first three quarters of 2020.

Data leaks don’t get as much press as data breaches — but they can be just as devastating to your business. In this article, you’ll learn how data leaks happen and the key steps to take to defend your organization.

If you don’t know the state of your network and server health every second of the day, you’re like a blind pilot inevitably headed for disaster. Fortunately, the market now offers many good tools, both commercial and open source, for network and Windows Server monitoring. We’ve put together a list of best open source, free and paid Windows Server monitoring tools that have proven their value in networks of many sizes.

The General Data Protection Regulation (GDPR) is a set of provisions and requirements governing data protection and privacy for individuals across the European Union. It applies to any business or public body — inside or outside the EU — that handles the personal data of EU residents. Essentially, GDPR requirements govern the way companies process and store personally identifiable information (PII).

ISO/IEC 27001 is a set of international standards developed to guide information security. Its component standards, such as ISO/IEC 27001:2013, are designed to help organizations implement, maintain and continually improve an information security management system (ISMS). Compliance with ISO 27001 is not mandatory.

Managers and compliance auditors often ask IT admins to present a report listing file share permissions granted to a group or a particular user. Here are a few paid and free tools that will help you save time on generating these reports.