Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Workflow Automation For Compliance

The time-consuming, administratively burdensome compliance process is riddled with potential human errors that can lead to violations. As securing data increasingly relies on proving controls’ effectiveness, the compliance becomes more stressful for everyone in the organization. However, building compliance workflow can streamline the process leading to a more cost effect and auditable outcome.

Siegeware and BAS attacks, an emerging threat

As technological solutions to cybercrime become increasingly advanced, able to preempt attacks and weed out vulnerabilities before they’re widely known, attackers also become more adept at cloaking their presence and concealing their intent. The targets of attacks also change with the times.

NIST SP 800-190 application container security with Sysdig Secure

In September 2017, the National Institute of Standards and Technology (NIST) released Special Publication (SP) 800-190, Application Container Security Guide. NIST SP 800-190 explains the security concerns associated with container technologies and recommendations for the image details and container runtime security. It provides prescriptive details for various sections including image, registry, orchestrator, container and host OS countermeasures.

Establishing Information Security in Project Management

A person recently asked me if it was possible to implement ISO 27001 using a specific project management software product. They used the tool in the past to define project plans and make project reviews. While I told them this is entirely possible, the truth is one can implement ISO 27001 even without a project plan or any specific tools. But should they?

Risk Mitigation Strategies

It is rightly said that “Prevention Is Better Than Cure.” This maxim can also be applied in information technology in terms of IT risks. Risk mitigation is a process whereby an enterprise takes some proactive measures or use some strategies to mitigate or eliminate risks altogether in order to prevent or reduce damage to the organization. The following sections gain an insight into some popular risk mitigation strategies organizations are looking for in 2019.

Security is Simple as 1, 2, 3

Keeping an organization’s IT assets secure in this day and age is a challenge. The sands of the information security landscape are constantly shifting, and it can be difficult for practitioners to find solid footing; to identify those initiatives that will net the greatest return on security spend. Each day seems to bring another emerging concern in the threat landscape.

Managed Vulnerability Management? Yes, You Read That Right

The importance of a mature vulnerability management program can’t be overstated. File integrity monitoring (FIM) and security configuration management (SCM) might be the bedrock of a strong cybersecurity program, but they can only go so far. Scanning for vulnerabilities needs to be a foundational part of your program, too.

What Is DLP, Why Does It Matter And What Is Your Current Strategy Missing?

Once upon a time, protecting critical data assets meant keeping printed confidential information in locked boxes labeled top secret. As long as these boxes were kept in secured areas, all was well. Today, information has no such physical boundaries. Network perimeters and firewalls have become the new walls, and data classification schemas are the new box labels. This shift led to an evolution in how companies protected their data from leaving their environments.

How to Audit Governance

Governance, risk, and compliance (GRC) have become buzzwords in cybersecurity. As governments and industry standards organizations respond to the data breach landscape by creating new compliance requirements, governance has become fundamental to creating an effective risk management program. Auditing governance requires organizations to communicate with internal and external stakeholders.

3 enemies - the $96B in cyber crime that nobody wants to talk about

They say that bad things always come in threes. The adage may testify to little but the popularity of superstition, but for security executives today, this notion regrettably passes muster. Crime, complexity and cost are three foes that every CISO must face, and while most companies think crime is the enemy, in many cases it is the latter two heads of this “cyber-cerberus” that deliver the most certain bite.