Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Just 12% of ICS Security Pros Very Sure of Orgs' Ability to Respond to Digital Attacks

Malicious actors are increasingly launching digital attacks against industrial organizations. Many of these campaigns have been successful, particularly those that have targeted energy utilities and manufacturing plants. In late spring 2019, for instance, aircraft parts manufacturer ASCO temporarily suspended operations worldwide after falling victim to a ransomware attack.

What is an Exploit?

An exploit is a piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data. Once vulnerabilities are identified, they are posted on Common Vulnerabilities and Exposures (CVE). CVE is a free vulnerability dictionary designed to improve global cyber security and cyber resilience by creating a standardized identifier for a given vulnerability or exposure.

8 Top Technical Resource Providers for ICS Security Professionals

Organizations are increasingly preoccupied with strengthening the digital security of their industrial control systems (ICS). They no doubt heard FireEye reveal that it had detected a second intrusion by the same actor behind Triton malware at a second critical infrastructure organization. More recently, they likely heard confirmation of a digital attack that struck the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India back in September.

Egnyte Metadata Intelligence Provides Structure to Your Enterprise Content

The great management thinker, W. Edwards Deming, famously said something to the effect of, “If you can’t measure it, you can’t manage it.” It’s hard to argue with Deming’s logic, but there’s a consideration that comes before measurement, and that’s discovery. Before anyone measures or manages anything, they have to be able to accurately find and understand the things being measured, managed, improved, and transacted.

Considerations for taking the CompTIA Security+ exam

I recently took – and passed – the CompTIA Security+ exam (Sec+). Sec+ is a general introduction to multiple functional areas of security, ranging from network security to access control and identity management, for anyone looking to break into the space. For context, I have no previous training as a network or security professional, and my educational background was finance and Russian, nothing related to security.

California Confidentiality of Medical Information Act vs. HIPAA

Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA) and various state laws strengthen patient rights. HIPAA set a baseline for regulatory compliance with patient health information. Under the “preemption” language in the rule, no state may create less effective or weaker medical privacy protection for individuals.

The surprising truth about cybersecurity and autism

This is a guest blog by Kim Crawley. I’ve worked in cybersecurity for about a decade, but I’ve been autistic for my entire life. Careers usually start in adulthood, but autism is something children are born with. And contrary to what some people assume, autism doesn’t disappear at age 18. Autism is for life. Unfortunately, once autistic people become adults, services become a lot less plentiful.