
Latest News

NIST SP 800-161r1: What You Need to Know

Modern goods and services rely on a supply chain ecosystem, an interconnected network of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, because a final product is often assembled from components and software drawn from many sources, supply chains carry inherent cybersecurity risks.

Zero Trust: Separating the Hype From Reality

If it wasn’t clear already, the RSA 2022 Conference highlighted that zero trust is the conversation every technology vendor wants to have and somehow associate with their products. This week at InfoSec 2022 we are seeing exactly the same. But how should an organisation weed through the hype to understand true value? Zero trust is certainly not a new concept.

What Is ITAR Compliance? Who Does It Apply To?

The term “ITAR compliance” is a misnomer. Unlike FedRAMP and other compliance frameworks, there is no formal “ITAR Compliance” or “ITAR Certification” process. Organizations that fall under ITAR need to understand how the regulations apply to them and set up internal policies and controls to protect ITAR technical data. Let’s examine what ITAR is all about, and how Keeper’s cybersecurity suite can help you comply with it.

Improvements in Go Fuzzing (Golang 1.19)

With version 1.18, Golang became the first programming language to support fuzzing as a first-class experience, which made it really easy for developers to write fuzz tests. Golang 1.14 introduced native compiler instrumentation for libFuzzer, which enables the use of libFuzzer to fuzz Go code. libFuzzer is one of the most advanced and widely used fuzzing engines and provides the most effective method for Golang fuzzing.

How To Identify and Stop a Phishing Attack

Phishing is a real problem, one that can wreak havoc on your digital and financial life. Here, we’ll look at different ways to identify a phishing scam and stop it in its tracks. Phishing is the practice of sending emails (or other messages) with the intent to make the recipient believe they come from a certain company or individual.

Ultimate Guide: Creating a Cyber Security Incident Response Plan

A cybersecurity Incident Response Plan (CSIRP) is the guiding light that grounds you during the emotional hurricane that follows a cyberattack. A CSIRP helps security teams minimize the impact of active cyber threats and outline mitigation strategies to prevent the same types of incidents from happening again. But as the complexity of cyberattacks increases, so too should the strategies that prevent them.

How to Implement a TPRM into your Existing Security Framework

Can TPRM programs integrate with my existing cybersecurity framework? This is just one of the questions troubling stakeholders at the precipice of a TPRM program implementation. While left unanswered, these questions delay the onboarding of an initiative that could prevent a catastrophic third-party breach. Whether you’re considering implementing a TPRM program or are not sure how to even begin the implementation process, this article will be your guiding light.

Compliance Guide: 23 NY CRR and Third-Party Risk Management

The NY CRR 500 legislation was instituted by the New York Department of Financial Services (NYDFS) in 2017 in response to the rising trend of cyberattacks in the finance industry. Sometimes regarded as the GDPR for financial services, the NY CRR 500 has a very high standard for sensitive data protection, requiring protection strategies for ensuring the confidentiality, integrity, and security of information systems and nonpublic information (including customer data).

API attack types and mitigations

Stop, look, listen; lock, stock, and barrel; "Friends, Romans, Countrymen..."; The 3 Little Pigs; art has 3 primary colors; photography has the rule of thirds; the bands Rush and The Police; the movie The 3 Amigos. On and on it goes: "Omne trium perfectum", "Everything that comes in threes is perfect." While this article doesn’t provide perfection, we’ll focus on the top three API vulnerabilities (according to OWASP).