Kata Containers is an open source project that seeks to enhance security for containers by isolating them in lightweight VMs. Each Kata Container runs with the speed and flexibility of standard containers, and it easily integrates with common container management software—including Docker and Kubernetes.

Cyber Essentials is a certification scheme developed by the National Cyber Security Centre (NCSC) in the United Kingdom. This scheme aims to help organisations establish a baseline of cyber security controls to protect against common cyber attacks. Two levels of certification are offered under the Cyber Essentials scheme: Cyber Essentials and Cyber Essentials Plus.

While both magic links and passkeys are methods of passwordless authentication, they’re not exactly the same. Some of the key differences between magic links and passkeys are how they work, their security, where a website server stores them and whether or not they expire after being used to log in to an account. Continue reading to learn more about what makes magic links and passkeys different and similar to one another.

NIST is to the US government what The Watcher is to the Marvel universe. In theory, it should simply observe the world around it, but in reality, it responds to evolving threats through interference. Despite the buzz around the update to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), you might find it hard to say that any compliance falls under the category of “hot.”

The Public Governance, Performance and Accountability Act 2013 is a key piece of legislation that establishes a framework of governance, performance, and accountability for Australian government and Commonwealth organizations. The PGPA Act’s main goal is to ensure that all government bodies practice effective management of public resources and are transparent in their activities.

Managed detection and response (MDR) providers often tout how quickly they can onboard new clients, and rapid onboarding can indeed be essential in many instances, but speed is not always paramount. What is crucial for long-term peace of mind is to configure the MDR service for robust detection of threats and protection of all your critical assets. This scope-of-coverage aspect can get lost as MDR providers promise to onboard clients in ever-tightening timeframes, including self-service onboarding.

To some, native applications are rudimentary. Why write an application specific to one platform when you can build one that is cross-platform compatible? After all, expanding the user base is one of the most fundamental objectives for software development teams. Doing this quickly with the current “build apps for any screen” approach is the obvious choice.

Static application security testing (SAST) and dynamic application security testing (DAST) are testing methodologies that help find security vulnerabilities that could leave an organization’s applications susceptible to attack.

This is Part 3 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. Creating documentation for anything is perhaps the least interesting job any employee has, but there are plenty of good reasons to do it. Let’s discuss the whys and hows of effective cybersecurity documentation.

One of the biggest challenges for a business with any sort of information security needs is ensuring proper handling of that information. With hundreds of data breaches, large and small, happening every single year, you don’t want to be a statistic. More than that, though, if you’re working on a government contract and using a framework like HITRUST, HIPAA, or FedRAMP, you need to adhere to high standards.