On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.
There are many important factors to consider when choosing a cloud provider for your cloud use cases. For organizations in heavily regulated industries, compliance with relevant regulations is one of the most important things to think about. Whether you’re planning for a single cloud workload or a hybrid multi-cloud setup, maintaining compliance for sensitive data in the cloud is imperative.
Organizations need the right internal personnel like a CISO to keep their systems and data secure. But what kind of skills do these leaders need? And how should they guide their employers in a way that doesn’t overlook the evolving threat landscape? To find out, I spoke decided to speak with Goher Mohammad. Goher is the Group Head of Information Security (CSO) for L&Q. He has held that position there for just under three years.
Last month we hosted a webinar dedicated to discussing the issue of codebase security. As trends like secrets and credential exfiltration continue to be of concern within systems like GitHub, threats, such as cryptojacking and supply side attacks, have become more of a problem. This makes understanding key aspects of codebase security very important. That’s why we pulled out 4 lessons from our recent session that developers and security engineers must know.
The final draft international standard (FDIS) of ISO/SAE 21434 “Road vehicles – cybersecurity engineering” was released in May of this year, with the final version expected to be released a few months later.
The Windows System Monitor (Sysmon) is one of the chattiest tools. With all the information coming in, it can be difficult and expensive to use it efficiently. However, the Graylog Illuminate package gives you a way to fine-tune it so that you can get better data and manage your ingestion rate better. Sysmon gives you awareness of what’s going on in your endpoints.
All of us take our personal security very seriously – after all, when was the last time you left your house without locking your front door? Sadly the same can’t be said for the care we take about our personal data – both our own, and that of other people. But personal data is an integral and unignorable fact of life, and we need to ensure we’re taking care of it in both our personal and professional lives.
SQL injection (SQLi) is one of the most common code-injection techniques used to get information from one’s database. Generally speaking, this is malicious code placing in one’s database via a page input, most often a registration form. SQL injection usually occurs when you ask a user for input, like their username/user ID, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.
Security is a key element required by any enterprise technology for ensuring business success and growth as well as trust in their buyers. But where to start in setting up a security posture in your SAP environment? As a security specialist, you know your customers are usually only a click away from your services and products. Your clients might only notice technical deficiencies and will not get into detail about the security aspects of all the systems you use.
We’re constantly told to “Shift Left” and that Secure DevOps is the only way to have confidence in your cloud native applications. But speaking to end-users and industry colleagues, it’s clear that there are some major challenges in adopting Secure DevOps. If we read our history books, we know that DevOps wasn’t successfully adopted by buying tools, and a true cultural movement towards DevOps wasn’t established by having a small dedicated team of DevOps specialists.
