Profile

Timothy Pinkham



My Content

1 to 15 of 15 total
Posted By Timothy Pinkham 09-23-2022 02:58:00 PM
Found In Egroup: Cybersecurity
I want to revive this topic. I would still like to know if anyone has answers to my original questions, and I have new questions. Which departments do you include in your GLBA risk assessments each year? Why those departments? How do you determine what questions to include on your assessment questionnaires? ...
Posted By Timothy Pinkham 09-12-2022 04:49:09 PM
Found In Egroup: Cybersecurity
Randy, Do you track or manage student or adjunct computers? I'm wondering if you have any assets that classify as authorized unmanaged untracked assets. That would also mean that it's possible to have an authorized non-enterprise asset, right? ------------------------------ Timothy Pinkham Information ...
Posted By Timothy Pinkham 09-12-2022 01:34:00 PM
Found In Egroup: Cybersecurity
Thank you, Randy! Can you tell me what the definition of "unauthorized asset" is? We're working through our 1.1 policy (with the help of the CIS enterprise asset management policy template). We're having difficulty locking in certain terms because "unauthorized asset" isn't clear to us. Is it more ...
Posted By Timothy Pinkham 09-12-2022 12:08:00 PM
Found In Egroup: Cybersecurity
I like what you're doing here, Neal! I'd love to have a version with our logo. ------------------------------ Timothy Pinkham Information Security Analyst Biola University ------------------------------
Posted By Timothy Pinkham 09-08-2022 03:16:18 PM
Found In Egroup: Cybersecurity
Thank you, Tony! I appreciate your input! ------------------------------ Timothy Pinkham Information Security Analyst Biola University ------------------------------
Posted By Timothy Pinkham 09-08-2022 09:46:23 AM
Found In Egroup: Cybersecurity
I have a question about Safeguard 15.1, which states: "Establish and maintain an inventory of service providers. The inventory is to list all known service providers, include classification(s), and designate an enterprise contact for each service provider." When it says "enterprise contact," does ...
Posted By Timothy Pinkham 08-08-2022 02:51:00 PM
Found In Egroup: Cybersecurity
CIS Safeguard 1.1 requires us to maintain an enterprise asset inventory. CIS's Enterprise Asset Management Policy template (on p. 9) states that we should "Record the enterprise asset identifier alongside other relevant information within the IT inventory." What are your recommended methods for recording ...
Posted By Timothy Pinkham 08-05-2022 08:54:00 AM
Found In Egroup: Cybersecurity
Thank you to everyone for your contributions here. I'd still like to hear from anyone with experience implementing the CIS controls, especially if you have tips for CIS 01 IG1s. ------------------------------ Timothy Pinkham Information Security Analyst Biola University ---------------------- ...
Posted By Timothy Pinkham 08-05-2022 08:50:00 AM
Found In Egroup: Cybersecurity
Randy, this is brilliant! Exactly what I was looking for. Thank you for your input! ------------------------------ Timothy Pinkham Information Security Analyst Biola University ------------------------------
Posted By Timothy Pinkham 08-03-2022 04:03:00 PM
Found In Egroup: Cybersecurity
I have a specific question, and I'd appreciate your input. CIS 01 focuses on an enterprise asset inventory. The v8 document states this: "This inventory includes assets connected to the infrastructure physically, virtually, remotely, and those within cloud environments. Additionally, it includes ...
Posted By Timothy Pinkham 07-26-2022 09:31:00 AM
Found In Egroup: Cybersecurity
We're working on implementing the CIS controls at our university. Has anyone else implemented the controls successfully? Or is anyone in the process of implementing them? I would appreciate having some contacts to send questions to as we learn to implement the controls. ------------------------------ ...
Posted By Timothy Pinkham 04-08-2022 08:59:00 AM
Found In Egroup: Cybersecurity
Do you include Human Resources in your GLBA risk assessment? Do you consider HR to handle "customer" information? Do you handle your GLBA compliance tasks in a spreadsheet, or do you use a compliance tool? If you use a tool, which one, and why? Do you have any resources to share that can help simplify ...
Posted By Timothy Pinkham 02-17-2022 04:09:00 PM
Found In Egroup: Cybersecurity
We commonly receive user requests for a secure way to share sensitive data with people. We have Google Drive for employees to share files with each other, but we would like to implement a service that allows our users to share large files, and share with people outside of our organization. Encryption ...
Posted By Timothy Pinkham 02-17-2022 04:04:00 PM
Found In Egroup: Cybersecurity
We're using KnowBe4 to send out simulated phishing campaigns. We build our campaigns using template emails provided by KnowBe4.
Posted By Timothy Pinkham 02-16-2022 01:55:00 PM
Found In Egroup: Cybersecurity
We've been running simulated phishing campaigns for over a year now, and we're trying to determine how best to handle our repeated clickers. How many clicks do you allow before you contact clickers for custom/remedial training? How many clicks do you consider to be a real problem? Do you ...