According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting businesses in the UK could have been prevented by the implementation of some basic security controls. To help organizations adopt good practices in information security, the UK government released a government-endorsed certification scheme called Cyber Essentials in 2014.

In our previous blog, we took a detailed look at how a Common Data Environment (CDE) can provide construction teams with operational advantages that enable them to work more efficiently, save time, and reduce errors. A CDE provides a central repository for all aspects of construction content management, including storing and accessing design files, bid documents, specifications, images, videos, change orders, and markups – everything that makes up the content that defines a construction project.

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing.

As the technology advances and more business processes become digitalized each day, we seek new ways to protect our valuable data from prying eyes and cyber criminals. Post-quantum cryptography is one of these new ways. In this article, we will discuss what post-quantum cryptography is and why we will need it very soon.

There is that song by Baz Luhrmann, well it was actually a speech of his first that was later made it into a catchy jingle. It goes … If I could offer you only one tip for the future, sunscreen would be it A long-term benefits of sunscreen have been proved by scientists Whereas the rest of my advice has no basis more reliable Than my own meandering experience, I will dispense this advice now Unfortunately in securing your business, there is no Sunscreen type solution.

Email scams are nothing new, just about everyone has heard of that one Nigerian Prince for example, but there is another phishing scam doing the rounds and unsurprisingly it is Coronavirus flavoured. Gmail users alone are being targeted with up to 18 million phishing email hoaxes every single day. Of course, it doesn’t end there with ‘regular’ email users – healthcare professionals are being targeted also.

Blockchain, IOT, Neural Networks, Edge Computing, Zero Trust. I played buzzword bingo at RSA 2020, where the phrase dominated the entire venue. Zero Trust is a conceptual framework for cybersecurity that characterizes the principles required to protect modern organizations with distributed infrastructure, remote workforces, and web connected applications.

Have you ever wondered whether it’s ok to copy and paste code from an open source project? If you have, you’re not alone. A quick look around several developer websites shows a number of variations on this age-old question. It is never ok to copy and paste code from an open source project directly into your proprietary code. Don’t do it. Just don’t. Even if you’re on a tight deadline. Even if it’s only one loop.

In this blog post, we’re going to explain how to monitor Open Policy Agent (OPA) Gatekeeper with Prometheus metrics. If you have deployed OPA Gatekeeper, monitoring this admission controller is as relevant as monitoring the rest of the Kubernetes control plane components, like APIserver, kubelet or controller-manager. If something breaks here, Kubernetes won’t deploy new pods in your cluster; and if it’s slow, your cluster scale performance will degrade.

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 revision 2 is a Risk Management Framework for Information Systems and Organizations: A System Lifecycle Approach for Security and Privacy. NIST SP 800-37 rev 2 was published in December of 2018 and describes the Risk Management Framework (RMF) and guidelines on how to apply RMF to information systems.