We had a great meeting at Wright State University today discussing cybersecurity trends for 2018. The students are extremely knowledge and interested in the topic. It's fantastic to see this type of excitement when it comes IT and cybersecurity! We've been invited back for the fall semester and we are looking forward to it. Thank you ISSCM!

 #informationsystems #cybersecurity #wrightstateuniversity #WSU #2018trends #compliance

Gratia is proud to be the speaker for the April 11th meeting of the Greater Cincinnati Information Systems Security Association (ISSA), hosted by TEKSystems. The Greater Cincinnati ISSA is a non-profit group that provides networking and educational opportunities for local information security professionals. Our co-founders, Wayne Kiphart and Thomas Runge, will be presenting "Cybersecurity in the Supply Chain" and discussing the evolution of supply chain management. Join us on Wednesday, April 11th at 4:30 to learn how to better serve your business and your customers!

You are only as strong as your weakest link.

Follow this link to register for the event: https://events.r20.constantcontact.com/register/eventReg?oeidk=a07ef7s4x8u084c307c&oseq=&c=&ch=

#ISSA #GreaterCincinnatiISSA #cybersecurity #informationsystems

We are thrilled to attend the InfraGard Midwest Security Symposium on April 26th and 27th to learn more about cybersecurity from members of the FBI, Office of Director of National Defense, and the U.S. Attorney’s office. The two-day event will include information of national and local importance from experts in security and intelligence. InfraGard is the public-private partnership between the FBI and the private sector. They work to protect US critical infrastructure. If you are interested in the latest trends in information systems security, we hope to see you there.

To register for the event or view the agenda, follow this link: http://infragardcincinnati.org/?p=710

#InfraGardCincinnatiMemberAlliance #informationsystems #cybersecurity #Midwest #security #intelligence

We are excited to present at the 15th Annual Ohio Information Security Conference. Thomas Runge will be presenting Cybersecurity in the Supply Chain at Sinclair College Ponitz Center from 1:30 to 2:30 in Room 131 on Wednesday, March 7th. We hope you attend to learn more about how to keep your business safe! #OISC2018



Thank you to all the participants! We hope you enjoyed the short presentation and as promised, here is the link to download the Powerpoint file (including the last Star Wars page...)


Click here to download the slideshow


GDPR is coming, not only winter

GDPR (EU General Data Protection Regulation)

The effective date - May 25th, 2018 - is coming soon!

The EU is putting this regulation in place to mandate that companies will protect personal information of EU citizens. Organizations that are not compliant with this regulation could face heavy fines. There are technical solutions like vulnerability management, patching, managed SIEM to help protect the data.  There are also processes and governance solutions based on best practices like ITSM, ISO27001, and NIST to better help mitigate risks and protect data.

Why do I care if my company is not located in the EU?


Read more: The EU General Data Protection Regulation (GDPR)

Cybersecurity comes to the Greater Cincinnati area
and Gratia is a proud sponsor of the event!


This year, Gratia is sponsoring one of the largest Cybersecurity symposiums in the Midwest, hosted by Northern Kentucky University. It is a one day event, packed with great presentations and most valuable breakout sessions.

If cybersecurity is a concern for your organization (and yes, it should be), please join us for the 10th Annual Cybersecurity Symposium, hosted on NKU’s campus on Fri, Oct 13th.

Early bird pricing of $199 (versus $250) runs thru mid Sept.  NKU is also running a buy 5, get 1 free promotion.
Here’s the link to register:  http://nku.edu/cyber10

We are looking forward to meeting with you at the event - if you would like to schedule some time with our executives, please send us an e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it. or give us a call at 513-800-0660.

Don’t become the next Equifax!

In case you have not heard about it, Equifax, the credit reporting agency, was hacked and lost 143 million customer data records to hackers. The data set included social security numbers, names, addresses, birth dates and credit card information.

How could that have happened?

Read more: Don't become the next Equifax!

sec 0002

In our last update, we outlined the attributes of a threat management approach (Prevention, Detection, Containment, and Removal), and briefly discussed the potential weak areas (People, Processes, and Technology).

Today, we want to introduce an approach based on Prevention.

Common endpoint protection solutions are typically focused on 1.) threat detection, 2.) threat containment, and 3.) threat removal.

Read more: Data security program – threat prevention

In our conversations and engagement with our customers, we learned that there is a lot of need to understand today’s buzzwords around endpoint protection, data protection, malware, ransomware and others. This short write-up covers some thoughts around the first phase “Prevention” in a good data security/protection approach for an organization. We will cover the other parts in later articles – not because they are less important, but simply to keep this first one short and interesting. As mentioned, your overall threat management should cover these areas:

Prevention – Implement processes and technologies to minimize the risk of malware or ransomware impacting your organization

Detection – Implement technologies that allow a quick and reliable detection of security incidents and a process for security incident management

Containment – Implement technical concepts to minimize the impact of a security incident

Removal / Recovery – Ensure that there are reliable means to recover data e.g. from regular backups.

Read more: Tips for your data security program




Cyber Security and ServiceNow

How to solve the relationship between security and IT. Check out the latest information about cyber security event/alert integration into the ServiceNow product line:

Read more: Cyber security and ServiceNow
Page 2 of 3