Looking to build trust in your software? Start with BSIMM12’s top five software security activities. For any organization looking to improve the security of its software, Building Security In Maturity Model (BSIMM) has dozens of options. Many dozens. The 12th iteration of the BSIMM report, released September 28, details 122 software security activities (also known as controls) that were observed in the 128 participating organizations.

Enterprise organizations and government agencies worldwide are focused on strengthening their computer networks against the risk of a cyberattack. However, a cybersecurity program is only as strong as its weakest link – and that link is often an employee. Yes, employees remain the biggest cybersecurity threat today. So, in addition to putting the right security controls and tools in place, your Information Security team needs to create a more risk-aware culture.

Around the world, and particularly over the past few years, regulators have been looking for ways to strengthen the resilience of the financial sector. In the European Union, regulators within the European Commission (EC) have taken a concrete step to meet this objective through the Digital Operational Resilience Act (DORA). The EC published a draft version of DORA in September 2020.

The Nightfall blog is a knowledgebase for cybersecurity professionals with news and insights from the world of cloud security. Each week, we’re publishing new content to help you stay up-to-date on cybersecurity topics and to prepare you for the issues and threats that occur every day on the job.

Boards of Directors constantly need to be educated about and aware of their organizations’ cybersecurity posture. Regulations hold them responsible for decision-making and governance. Meanwhile, increased ransomware attacks pose a financial risk to their shareholders. To enhance the risk analysis, questions like these can provide visibility into the company’s strategy.

Here at AT&T Cybersecurity, we believe cyber protection should include multiple layers and cover as much ground as possible. Having full visibility into threats on the network and being able to automate actions against them not only reduces an organization’s risk but also frees up time for security teams to focus on other high-value security tasks.