COO and CISO of Alvaka Networks, Kevin McDonald, sits down with Brian Sherman of IoTSSA for a very candid conversation on building a successful cybersecurity offering. He offers some great advice in this episode, such as using law enforcement as [...]
Phishing is a scam usually executed via email or text messaging. The perpetrator usually poses as someone you know and they induce you to send them money. The incident explained below could also be called spear phishing or whaling, in [...]
IT organizations understand the importance of applying current security updates, or "patches", to the operating systems and software applications running in their environment. However, many are reluctant to do so for fear of "breaking" their systems and causing outages. And, [...]
The failure to fully apply security updates (patches) to operating systems and software applications is the leading cause of cybersecurity compromise. A recent survey by Ponemon Institute of over 3,000 organizations, found that half had experienced a cybersecurity breach in [...]
Periodically, Alvaka Networks sponsors a car driving event for clients. This type of event is often referred to as an HPDE, or High Performance Driving Event. At this event, guests participate in both classroom and on race track driving instruction. [...]
If you own a computer, it is very likely you know something about patching, or updating, software. First, this is different from upgrading, which usually means a developer of software has added new features or made significant changes to the [...]
I just read a press release about a new product, NetBeez, which performs active network monitoring from the user perspective. I suppose it has a narrow fit, but it seems to me that most modern day monitoring applications should be [...]
Mimi Grant from ABL shares her personal sextortion experience in this vlog. In our previous blog, Sextortion: The New Threat No One is Talking About, Alvaka's CEO shared the email that Mimi received and resources to handle and prevent this [...]
Written by Alvaka Networks CEO, Oli Thordarson. Oli discusses a client's experience with a sextortion scam email and provides some helpful suggestions on how to both handle and avoid this type of online phishing. I got a call from a [...]
A friend of mine asked me if he should buy cyber insurance for his business. Whether your need is for a self-hosted/owned, cloud or hybrid infrastructure this is not an easy answer. As I thought about it, I decided this is probably a topic of interest to many financial managers at small to mid-size enterprises. How should you decide this question and who can you seek for legitimate counsel that is qualified to answer this question without having a conflict of interest?
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
If you are presenting to management for a budget, and using this calculator as the basis for a Return on Investment (ROI), you will need to do more homework. An ROI measures as a ratio of the cost of investment against its expected benefit. For patching, calculating benefit can be very difficult to determine. How do you measure the cost of a system breach you have not yet had? You can estimate what expenses, penalties, and losses a company might incur when a breach occurs; but there is no certainty of a breach event and what those costs actually are. There are also regulatory compliance issues and/or potential fines for not patching, but those, too, can be vague. For calculating these potential risks and costs, it is advisable to enter into a discussion with your management team.
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
For example, someone making $80,000 per year will typically work 52 weeks of 40 hours, or 2080 hours. $80,000 divided by 2080 is $38.46/hour. Multiply that hourly rate by 1.3, and you get $50.00/hour. Of course, rates of pay, taxes and benefits will vary from city, state and company; but 30% is usually a good number to use. Don’t forget to account for time-and-a-half or after-hours rates of pay if patching is being done in the late evening, early morning, or weekends (in order to avoid impacting user productivity).
Smoke testing is a term used to describe the testing process for servers after patches are applied. The process typically involves making sure servers are rebooted in the right order, making sure they have completely rebooted, restarting applications in the right order, and then testing to be certain everything is working properly when users return to work in the morning.
This typically takes 30 minutes per server, depending upon your environment.
PCs are not typically smoke tested, or if so, not all of them.
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
There are many variables to consider. Some are: